In the months that have followed Mark Zuckerberg's testimony before Congress, Facebook has repeatedly found itself in the headlines. Once again, it has come to light that the social media giant has been less than transparent, with the Wall Street Journal reporting that certain companies deemed to provide particular value to Facebook were placed on what was internally dubbed as "whitelists," granting them access to customer data.
Two companies identified as making the whitelist include the Royal Bank of Canada and Nissan Motor Co., a source familiar with the matter reportedly told the Journal. In addition to phone numbers, the information the companies were able to access included a "friend link" metric, which provided data on the degrees of separation among users and their friends.
While no additional names of whitelisted companies have been disclosed, Facebook has justified the deals, reportedly claiming that the access was granted with the intention of both improving the user experience and allowing third parties and partners the time needed to conclude their previously existing data-sharing projects.
Facebook acknowledged the "small group" had been granted extended access beyond 2015 May as part of what Ime Archibong, vice president of product partnerships, Facebook, called the company's consistent and principled approach to working with developers.
“As we were winding down over the year, there was a small number of companies that asked for short-term extensions, and that, we worked through with them,” Archibong reportedly said. “But other than that, things were shut down.”
This newest whitelist revelation is separate from the data-sharing partnerships with device makers that was reported last week. A Facebook spokeswoman is reported to have confirmed that the company has been sharing users’ data with at least 60 different device producers, including Apple, Microsoft and Samsung, since 2007.
Despite its claim to have stopped third-party access to information on users's friends back in 2015, NordVPN wrote that "Facebook does not internally consider device makers to be third parties, so it did not disclose the fact that it was sharing the same exact data with those companies."