As reported by TechCrunch, in recent weeks, there have been claims circulating on various platforms that Netflix had access to users’ private messages on Facebook. These claims originated from a court filing in a class-action lawsuit over data privacy practices between a group of consumers and Facebook’s parent company, Meta.
The document alleges that Netflix and Facebook had a “special relationship” and that Facebook even cut spending on original programming for its Facebook Watch video service so as not to compete with Netflix, a large Facebook advertiser. It also states that Netflix had access to Meta’s “Inbox API” that offered the streamer “programmatic access to Facebook’s user’s private message inboxes.”
This is the part of the claim that led to Elon Musk replying "Wow" and "Yup" to multiple posts about the matter on social media platform X, leading to a chorus of angry replies about how Facebook user data was for sale, so to speak.
However, Meta, for its part, is denying the accuracy of the claims. Meta’s communications director, Andy Stone, explained on X that the agreement between Netflix and Facebook allowed people to message their friends on Facebook about what they were watching on Netflix, directly from the Netflix app. Stone also mentioned that such agreements are commonplace in the industry.
He categorically denied the claim that Netflix had been given access to users’ private messages, stating that it was "shockingly untrue." Stone went on further to state, “Meta didn’t share people’s private messages with Netflix. The agreement allowed people to message their friends on Facebook about what they were watching on Netflix, directly from the Netflix app. Such agreements are commonplace in the industry.”
It is worth noting, however, that Netflix had a level of access that other companies did not have. The document claims that Netflix had access to Facebook’s “Titan API,” a private API that allowed it to integrate with Facebook’s messaging app. In exchange for the Inbox API access, Netflix also agreed to provide the social networking company with a “written report every two weeks” with information about its recommendation sends and recipient clicks and agreed to keep its API agreement confidential. By 2015, Netflix was paying $40 million for Facebook ads, and granting Facebook access to Netflix user data for the use of ad targeting and optimization. In 2017, Netflix agreed to spend $150 million on Facebook ads and provide the company with “cross-device intent signals.”
While Stone has brushed off Netflix’s ability to eavesdrop on private messages, the lack of encrypted communications combined with read/write access to message inboxes makes it difficult to guarantee that messages were always protected. Additionally, Messenger didn’t implement default end-to-end encryption until December 2023, a procedure that would have shut down any speculation at its inception, leaving no room for doubt.
The court filing also details other practices of Meta, including how it snooped on Snapchat traffic in secret, among other things. It is clear that data privacy practices are under increased scrutiny, and companies will need to demonstrate transparency and accountability in their dealings with user data to build and maintain trust with their customers.