One of Canada’s largest banks appears alongside Silicon Valley technology firms in a New York Times investigation into Facebook privacy violations, in a piece published on Tuesday evening.
The Royal Bank of Canada (RBC) is said to have been given special permissions around the private messages of Facebook users. The New York Times obtained documents generated by Facebook in 2017 that were intended to track partnerships. It details how Facebook arranged for its partners to bypass privacy protections to more closely integrate their platforms, including access to view the friends’ list of Facebook users and access aspects of their private messages.
Here’s the paragraph that mentions RBC:
“Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread — privileges that appeared to go beyond what the companies needed to integrate Facebook into their systems, the records show. Facebook acknowledged that it did not consider any of those three companies to be service providers. Spokespeople for Spotify and Netflix said those companies were unaware of the broad powers Facebook had granted them. A Royal Bank of Canada spokesman disputed that the bank had any such access.”
At present, RBC has a verified Facebook page with more than half a million followers. It’s not the first time that RBC has come up in a Facebook investigation lately. An inquiry held at a British parliamentary committee earlier this month also mentioned the bank, as reported in Maclean’s. RBC’s partnership with Facebook goes back to at least 2013, when it allowed users to send Interac email transfers through Facebook Messenger.
The report says that RBC stopped allowing online transactions via Facebook in 2015 after the social network made changes to its network’s privacy settings. Internal emails reveal Facebook executives debated providing user data access to large corporate customers like RBC. But a RBC spokesperson told Maclean’s in an email that “it never had a minimum marketing spend or target agreement with Facebook.”
RBC provided a statement to CBC News, disputing that it had special access to users’ private messages.
“RBC’s use of the Facebook platform was limited to the development of a service that enabled clients to facilitate payment transactions to their Facebook friends,” the bank told CBC News in a statement.
“As part of our security and fraud protocols, we needed to uniquely identify the recipient of funds and payments to securely process the transaction and deliver the notification,” RBC spokesman AJ Goodman said.
“We did not have the ability to see users’ messages. We decommissioned the service in 2015 and our limited access, which was used strictly to enable our clients’ payments, ended at that time.”