Royal Bank of Canada has become embroiled in a privacy scandal engulfing Facebook after it emerged that the social network appeared to provide a raft of Big Tech companies with privileged access to user accounts.
According to internal documents unearthed by the New York Times, Facebook has given some of the world's largest companies more intrusive access to user data than it has previously disclosed.
The records appear to show that Faceoook allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread — privileges that appeared to go beyond what the companies needed to integrate Facebook into their systems.
Facebook acknowledges that it did not consider any of those three companies to be service providers. Spokespeople for Spotify and Netflix say they were unaware of the broad powers Facebook had granted them. A Royal Bank of Canada spokesman flatly denies that the bank had any such access.
Spotify, which could view messages of more than 70 million users a month, still offers the option to share music through Facebook Messenger. But Netflix and the Canadian bank no longer needed access to messages because they had deactivated features that incorporated it.
In a blog post, Facebook has disputed the allegations that it gave companies access to information without people’s permission, but acknowledges: "We recognise that we’ve needed tighter management over how partners and developers can access information using our APIs. We’re already in the process of reviewing all our APIs and the partners who can access them."