The British Parliament has released 223 pages worth of documents showing that the social network gave certain companies special access to user data even after promising to limit such access for third-party apps.

Parliament’s media committee seized confidential Facebook documents from the developer of a now-defunct bikini photo searching app as part of its investigation into fake news. The documents include communication from 2012 to 2015 between high-level Facebook employees, including founder and Chief Executive Mark Zuckerberg, show how the social media company debated generating revenue by selling access to data, tracked and fended off rivals and braced for potential blowback as it moved to capture more user data..

"There’s a big question on where we get the revenue from," CEO Mark Zuckerberg said in one email. “Do we make it easy for devs to use our payments/ad network but not require them? Do we require them? Do we just charge a rev share directly and let devs who use them get a credit against what they owe us? It’s not at all clear to me here that we have a model that will actually make us the revenue we want at scale.”

The parliament’s Digital, Culture, Media and Sport Committee received the documents from app developer Six4Three, which had acquired the files dating from 2013-2014, as part of a U.S. lawsuit against the social media giant. The app developer is suing Facebook over a change to the social network’s privacy policies in 2015 that led Six4Three to shut down its app, Pikinis, which let users find photos of their friends in bathing suits by searching their friends list.

Below is a summary of key issues from the Six4Three files:

White Lists

Facebook have clearly entered into whitelisting agreements with certain companies, which meant that after the platform changes in 2014/15 they maintained full access to friends data. It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not. Dating app Badoo and Lyft were among the other companies 'whitelisted' for access to data about users' friends, the documents showed.

Value of friends data

It is clear that increasing revenues from major app developers was one of the key drivers behind the Platform 3.0 changes at Facebook. The idea of linking access to friends data to the financial value of the developers relationship with Facebook is a recurring feature of the documents.

Reciprocity

Data reciprocity between Facebook and app developers was a central feature in the discussions about the launch of Platform 3.0.

Android

Facebook knew that the changes to its policies on the Android mobile phone system, which enabled the Facebook app to collect a record of calls and texts sent by the user would be controversial. To mitigate any bad PR, Facebook planned to make it as hard of possible for users to know that this was one of the underlying features of the upgrade of their app.

Onavo

Facebook used Onavo to conduct global surveys of the usage of mobile apps by customers, and apparently without their knowledge. They used this data to assess not just how many people had downloaded apps, but how often they used them. This knowledge helped them to decide which companies to acquire, and which to treat as a threat.

Targeting competitor Apps

The files show evidence of Facebook taking aggressive positions against apps, with the consequence that denying them access to data led to the failure of that business.

The documents also show an exchange between Zuckerberg and senior executive Justin Osofsky in 2013, in which they decided to stop giving friends’ data access to Vine on the day that social media rival Twitter launched the video-sharing service.

“We’ve prepared reactive PR,” Osofsky wrote, to which Zuckerberg replied, “Yup, go for it.”

"The documents Six4Three gathered for their baseless case are only part of the story and are presented in a way that is very misleading without additional context," Facebook said in a statement. “We stand by the platform changes we made in 2015 to stop a person from sharing their friends’ data with developers. Like any business, we had many internal conversations about the various ways we could build a sustainable business model for our platform. But the facts are clear: we’ve never sold people’s data.”

"Like any organization, we had a lot of internal discussion and people raised different ideas. Ultimately, we decided on a model where we continued to provide the developer platform for free and developers could choose to buy ads if they wanted. This model has worked well. Other ideas we considered but decided against included charging developers for usage of our platform, similar to how developers pay to use Amazon AWS or Google Cloud. To be clear, that's different from selling people's data. We've never sold anyone's data," Facebook CEO Mark Zuckerberg said.

"We've focused on preventing abusive apps for years, and that was the main purpose of this major platform change starting in 2014. In fact, this was the change required to prevent the situation with Cambridge Analytica. While we made this change several years ago, if we had only done it a year sooner we could have prevented that situation completely, " Zuckerberg added.

Updated: Facebook responded to the specific areas outlined above. Here is what Facebook says:

White Lists

There is an important distinction between friends’ data and friend lists. We changed our platform policies in 2014/15 to prevent apps from requesting permission to access friends’ private information. The history of Cambridge Analytica shows this was the right thing to do. For most developers, we also limited their ability to request a list of who someone’s friends were, unless those friends were also using the developer’s app. In some situations, when necessary, we allowed developers to access a list of the users’ friends. This was not friends’ private information but a list of your friends (name and profile pic).

In addition, white lists are also common practice when testing new features and functionality with a limited set of partners before rolling out the feature more broadly (aka beta testing). Similarly, it’s common to help partners transition their apps during platform changes to prevent their apps from crashing or causing disruptive experiences for users.

Value of Friends’ Data

The developer platform is free for developers to use.

We explored multiple ways to build a sustainable business with developers who were building apps that were useful to people. But instead of requiring developers to buy advertising – the option discussed in these cherrypicked emails – we ultimately settled on a model where developers did not need to purchase advertising to access APIs and we continued to provide the developer platform for free.

Reciprocity

In 2013, Facebook had the following “reciprocity” provision in its Facebook Platform Policies:

“Reciprocity: Facebook Platform enables developers to build personalized, social experiences via the Graph API and related APIs. If you use any Facebook APIs to build personalized or social experiences, you must also enable people to easily share their experiences back with people on Facebook.”

This policy required developers to give people the option to share information back to Facebook through the developer’s app. This meant that you could share your app experience (game score, photo, etc.) back to your Facebook friends if you wanted to. People had the choice about whether thy did this or not.

Call and SMS History on Android

This specific feature allows people to opt in to giving Facebook access to their call and text messaging logs in Facebook Lite and Messenger on Android devices. We use this information to do things like make better suggestions for people to call in Messenger and rank contact lists in Messenger and Facebook Lite. After a thorough review in 2018, it became clear that the information is not as useful after about a year. For example, as we use this information to list contacts that are most useful to you, old call history is less useful. You are unlikely to need to call someone who you last called over a year ago compared to a contact you called just last week.

Onavo

Onavo provides people with a free VPN app that creates a safer connection while you’re using apps or accessing the web on your phone. As part of providing the service, Onavo collects information about app usage to gain insights into the products and services people value, so we can build better experiences. We’ve always been clear when people download Onavo about the information that is collected and how it is used, including by Facebook. We let people know before they download the app and on the first screen they see after installing it. Also, people can opt-out via the control in their settings and their data won’t be used for anything other than to provide, improve and develop Onavo products and services. Websites and apps have used tools like Onavo for market research services for years. We use Onavo, App Annie, comScore, and publicly available tools to help us understand the market and improve all our services.

Targeting Competitor Apps

We built our developer platform years ago to pave the way for innovation in social apps and services. At that time we made the decision to restrict apps built on top of our platform that replicated our core functionality. These kind of restrictions are common across the tech industry with different platforms having their own variant including YouTube, Twitter, Snap and Apple. We regularly review our policies to ensure they are both protecting people’s data and enabling useful services to be built on our platform for the benefit of the Facebook community. As part of our ongoing review we have decided that we will remove this out-of-date policy so that our platform remains as open as possible. We think this is the right thing to do as platforms and technology develop and grow.