Samsung, BlackBerry, Microsoft, and dozens of other original equipment manufacturers are receiving vast user data from Facebook and have been for a decade, The New York Times reports, citing sources familiar with the matter. Apple and Amazon are also said to be collaborating with the social media giant on data-sharing initiatives, with the NYT speculating the projects may represent a violation of Facebook’s 2011 privacy settlement with the United States Federal Trade Commission. While that agreement prevents Facebook from sharing users’ data with third parties without obtaining explicit consent from the former group, its OEM partnerships allow device makers to access information in such a manner and even glean data belonging to Facebook friends of their customers. Some companies were previously even able to obtain personal user information from individuals who specifically chose to opt out of the data-sharing program, as per the same report.
The vast majority of those initiatives remain active to this date, though Facebook is understood to have started decreasing their scope in April, presumably in reaction to the Cambridge Analytica scandal. An academic hired by the political consulting firm in 2014 to harvest user data did so in accordance with Facebook’s terms of use for developers, with the company outlawing the act of mining information on one’s Facebook friends a year later and being quick to tout that decision in a highly public manner. What the firm wasn’t keen on publicizing is that the new restrictions which came into effect in 2014 with the goal of preventing another Cambridge Analytica episode didn’t apply to smartphone makers or any other type of OEMs.
Facebook officials told the NYT that their data sharing partnerships with hardware manufacturers are in line with the company’s existing privacy policies and don’t violate the 2011 FTC settlement. Facebook VP Ime Archibong also asserted that OEM partnerships are radically different than developer ones by virtue of the fact that any data they provide to third parties can only be used for enhancing “the Facebook experience” on specific devices. A number of security experts interviewed by the NYT insist the practice still represents a major privacy risk, especially as it allows Facebook and OEMs to override user-imposed data sharing restrictions, thus rendering them useless. The Menlo Park, California-based firm remains under major scrutiny following its privacy debacles from earlier this year, with its top officials repeatedly vowing to do better to protect the privacy of its users moving forward.