New Delhi: Music streaming app Saavn and telecom firm Airtel are among the dozens of companies that received either a special, one-time exemption from Facebook after it cut off access to user data in 2015 or signed data sharing agreements with the social networking giant as part of an “integration partnership”.

This information comes from new written submissions made by the Silicon Valley-based technology firm to the US Congress.

These hitherto unreported deals with app developers and software makers represent what analysts and media reports are calling the “most granular explanation of exemptions” that Facebook gave companies with regard to accessing user data.

The company disclosed the existence of two groups of deals, each with separate permissions and restrictions.

Saavn is part of a group of 61 companies that were given a temporary exemption to a block on apps accessing details about users’ friends.

Since its inception, the social networking service has allowed third-party apps like Saavn to access, supposedly with consent, wide-ranging data about the friends of users who had signed up.

However, after widespread complaints and criticism, it announced that type of data access would be blocked from May 2015.

However, a group of app developers including Saavn were given extra time to become compliant with Facebook’s more restrictive platform API (application programming interface) policy – a new set of rules that were designed to protect user privacy and prevent abuse.

It is unclear why these companies were singled out and given a one-time special exemption.

Facebook has stated that it was still sharing information of users’ friends – such as gender, name, date of birth, home network, photos and page likes – with Saavn and 60 other app developers for nearly six months after it said it had cut off access to this data in May 2015.

The social networking company, however, has emphasised that any information about an app’s user friends “required not only the consent of the app user but also required that the friends whose data would be accessed have their own privacy settings set to permit such access by third-party apps”.

Nevertheless, the six-month extension given to Saavn and others raises a number of questions.

For instance, Facebook itself notes that the new and stronger API policy introduced in May 2015 also included a new app review process that “required developers… to justify the data they are looking to collect and how they are going to use it”.

If a “legitimate need for that data” was not demonstrated, Facebook would reject that app under its new review policy. According to data provided by the company, Facebook rejected more than half of the apps submitted under its new policy between April 2014 and April 2018.

In addition to that, The Wall Street Journal has reported that many of these “whitelisting arrangements” were struck with companies that advertised on Facebook or were valuable for other reasons.

The publication also reported that some of these deals also allowed “certain companies to access additional information about a user’s Facebook friends”.

The Wire could not independently verify this or the nature of Saavn’s extension.

When contacted, a Saavn spokesperson denied that any extension had been given to the company.

“Saavn has not requested nor been given an extension to access any Facebook user data,” a company spokesperson said in an emailed statement.

Airtel partnership

The other set of deals were with a group of Airtel and 51 other companies that Facebook authorised to tap its user data in order to “recreate Facebook-like experiences”.

In its submissions, the company disclosed what it called “integration partnerships” – deals that were forged that allowed software partners “to build ways for people to access their [Facebook] experiences on a range of devices and products”.

These included Facebook-branded apps, social networking service hubs and “USSD services, which are services that provided Facebook notifications and content via text message”.

The New York Times has reported that some of these data-sharing agreements, particularly with hardware and device makers, allowed companies to “access the data of users’ friends without their explicit consent and even after declaring that it would no longer share such information with outsiders”.

It’s unclear what type of Facebook data Airtel was able to access as a result of this partnership.

When contacted, an Airtel spokesperson confirmed the existence of a partnership and that the company was granted access to some data, but said that it had ended in 2013.

“The matter pertains to the year 2010 when Airtel was granted access to data by Facebook as an app developer. The project ended in 2013 and so did the access to the data. We confirm the that the data was used only for our internal purposes,” a company spokesperson said in an emailed statement.

“We take data privacy extremely seriously and follow a zero tolerance policy on the same,” the statement added.