Facebook let some companies exploit users' friends data, U.K. email dump alleges

Facebook denies exploiting user data

Facebook gave some companies preferential access to user data — including access to friends in users' networks — without clearly getting permission, according to excerpts from emails released Wednesday by the U.K. Parliament. The social media giant and its founder Mark Zuckerberg also mulled ways to charge outside companies for user data, the email excerpts show.

Apps from companies including Airbnb, Netflix and Lyft were "whitelisted" — permitted full access to users' friends — even after Facebook said in 2015 it had phased out that feature. "It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not," wrote Damian Collins, a Conservative MP leading Parliament's major Facebook investigation, in a preamble to Wednesday's release of Facebook email excerpts.

The email documents also show CEO Mark Zuckerberg discussing ways to encourage users to share more on Facebook in a way that would "increase the value" of the network.

"We're trying to enable people to share everything they want, and to do it on Facebook," he emailed on Nov. 19, 2012, according to the documents. "Sometimes the best way to enable people to share something is to have a developer build a special purpose app or network for that type of content and to make that app social by having Facebook plug into it. However, that may be good for the world but it's not good for us unless people also share back to Facebook and that content increases the value of our network."

According to Collins, Facebook also sought to minimize the fact that its Android app was able to gather users' call and text histories, knowing that feature would be controversial.

Global lawmakers question Facebook on privacy, misinformation

The release comes as part of a lawsuit by Six4Three, a small developer, against Facebook. Six4Three sued Facebook after the 2015 changes effectively eliminated the access that Six4Three's app, called Pinkini, needed to operate.

In a statement Wednesday, Facebook called the case "baseless" and said the email documents "are only part of the story and are presented in a way that is very misleading without additional context."

"We stand by the platform changes we made in 2015 to stop a person from sharing their friends' data with developers. Like any business, we had many internal conversations about the various ways we could build a sustainable business model for our platform. But the facts are clear: We've never sold people's data," the statement said.

According to Collins, the Facebook emails show it aggressively went after competitor apps, "with the consequence that denying them access to data led to the failure of that business."  At the same time, the emails appear to show Facebook accommodated large companies that could become paying customers.

In another email on Jan. 24, 2013, a Facebook staffer wrote: "Twitter launched Vine today which lets you shoot multiple short video segments to make one single, 6-second video. ... Unless anyone raises objections, we will shut down their friends API access today." Zuckerberg responded, "Yup, go for it."

Later on Wednesday, Facebook said it would drop the policy that led to it imposing restrictions on some apps.

When Facebook's developer platform was first built, the company said, "we made the decision to restrict apps built on top of our platform that replicated our core functionality. These kind of restrictions are common across the tech industry with different platforms having their own variant including YouTube, Twitter, Snap and Apple."

Facebook continued, "As part of our ongoing review we have decided that we will remove this out-of-date policy so that our platform remains as open as possible. We think this is the right thing to do as platforms and technology develop and grow."

The emails also indicate that Zuckerberg considered charging for data access at least as far back as 2012. An email from Zuckerberg on Oct. 7, 2012, five months after the company went public, spelled out some possibilities for charging developers:

I've been thinking about platform business model a lot this weekend...if we make it so devs can generate revenue for us in different ways, then it makes it more acceptable for us to charge them quite a bit more for using platform. The basic idea is that any other revenue you generate for us earns you a credit towards whatever fees you own us for using plaform. For most developers this would probably cover cost completely. So instead of every paying us directly, they'd just use our payments or ads products. A basic model could be:

Login with Facebook is always free
Pushing content to Facebook is always free
Reading anything, including friends, costs a lot of money. Perhaps on the order of $0.10/user each year.

For the money that you owe, you can cover it in any of the following ways:

Buys ads from us in neko or another system
Run our ads in your app or website (canvas apps already do this) Use our payments
Sell your items in our Karma store.

Or if the revenue we get from those doesn't add up to more that the fees you owe us, then you just pay us the fee directly.

Facebook maintains that it never sells user data, but many data-privacy advocates say the distinction between selling data and charging companies to access users based on their data is a rather fine line for practical purposes. 

The group Freedom From Facebook said the emails showed Facebook was abusing its market power and called for Congress to act. "More than a century ago, Congress passed antitrust laws to stop monopolists from crushing competitors through precisely these kinds of predatory and unfair tactics," the group said. "These documents make clear the need for the Federal Trade Commission to bring a case against Facebook without delay."

CNET's Dan Patterson and CBS News' Graham Kates contributed reporting.