Sunday, May 19, 2024

Facebook failed to police how its partners handled user data

Tuesday, November 13, 2018, 7:06

Facebook failed to closely monitor device-makers after granting them access to the personal data of hundreds of millions of people, according to a previously unreported disclosure to Congress last month.

Facebook’s loose oversight of the partnerships was detected by the company’s government-approved privacy monitor in 2013. But it was never revealed to Facebook users, most of whom had not explicitly given the company permission to share their information. Details of those oversight practices were revealed in a letter Facebook sent last month to Sen. Ron Wyden, D-Ore., a privacy advocate and frequent critic of the social media giant.

In the letter, a copy of which Wyden provided to The New York Times, Facebook wrote that by early 2013 it had entered into data-sharing agreements with seven device-makers to provide what it called the “Facebook experience” — custom-built software, typically, that gave those manufacturers’ customers access to Facebook on their phones. Those partnerships, some of which date to at least 2010, fall under a consent decree with the Federal Trade Commission drafted in 2011 and intended to oversee the company’s privacy practices.

Facebook ultimately entered into dozens of similar data-sharing partnerships, most of which the company began winding down this spring after revelations that it had allowed Cambridge Analytica, a political data firm, to acquire the personal information of tens of millions of people. The firm used some of that information in efforts to aid President Donald Trump’s 2016 campaign.

When a team from the auditing firm PwC conducted the initial FTC-mandated assessment in 2013, it tested Facebook’s partnerships with Microsoft and Research in Motion, maker of the BlackBerry handset. In both cases, PwC found only “limited evidence” that Facebook had monitored or checked its partners’ compliance with its data use policies. That finding was redacted from a public version of PwC’s report released by the FTC in June.

“Facebook claimed that its data-sharing partnerships with smartphone manufacturers were on the up and up,” Wyden said. “But Facebook’s own, hand-picked auditors said the company wasn’t monitoring what smartphone manufacturers did with Americans’ personal information, or making sure these manufacturers were following Facebook’s own policies.” He added, “It’s not good enough to just take the word of Facebook — or any major corporation — that they’re safeguarding our personal information.”

In a statement, a Facebook spokeswoman said, “We take the FTC consent order incredibly seriously and have for years submitted to extensive assessments of our systems.” She added, “We remain strongly committed to the consent order and to protecting people’s information.”

Facebook, like other companies under FTC consent decree, largely dictates the scope of each assessment. In two subsequent assessments, Facebook’s October letter suggests, the company was graded on a seemingly less stringent policy with data partners. On those two, Facebook had to show that its partners had agreed to its data use policies.

A Wyden aide who reviewed the unredacted assessments said they contained no evidence that Facebook had ever addressed the original problem. The Facebook spokeswoman did not directly address the 2013 test failure, or the company’s apparent decision to change the test in question.

Because the United States has no general consumer privacy law, FTC consent decrees have emerged as the federal government’s chief means of regulating privacy practices at Facebook, Google and other companies that amass huge amounts of personal data about people who use their products. In letters and congressional testimony, FTC officials have pointed to the decrees as evidence of robust consumer privacy protection in the U.S.

A spokesman for PwC acknowledged in a statement that Facebook defines the privacy procedures, known as “controls,” that are tested during the assessments.

“Changes to controls may occur as platforms evolve, such that a control tested in one period may not be identical in a subsequent period,” the spokesman said.

Facebook’s letter disclosing the assessors’ findings came in response to questions Wyden raised during an intelligence hearing in September. The hearing was held just weeks after The Times reported that Facebook had struck data-sharing deals with dozens of phone and tablet manufacturers, including Microsoft, BlackBerry and Amazon.

While the assessment reports were publicly released by the FTC in June, they included significant redactions, which Facebook and PwC said were necessary to protect trade secrets.

Wyden, whose staff had viewed the full assessments, said at the hearing that he found parts of the unredacted reports “very troubling” and pressed Sheryl Sandberg, Facebook’s chief operating officer, to release them in their entirety.

The Electronic Privacy Information Center, a Washington-based consumer rights group that helped obtain the 2011 consent decree, is currently suing the agency for release of the full assessments, arguing that the public cannot otherwise judge how effectively the FTC is policing privacy violations.

“What is clear is that the FTC has failed to enforce the consent order,” said Marc Rotenberg, the president of the privacy rights group. “And this has come at enormous cost to American consumers.”

The FTC declined to comment.

Facebook’s compliance with the consent decree is the subject of a new FTC investigation opened in the wake of the Cambridge Analytica scandal.

In the letter last month, Facebook’s vice president for U.S. public policy, Kevin Martin, noted that the assessors’ findings had not caused Facebook to fail PwC’s overall evaluation: The assessors concluded that Facebook was operating “with sufficient effectiveness to provide reasonable assurance” that it was protecting its users’ privacy.

It remains unclear whether Facebook has ever scrutinized how its partner companies handled personal data. A spokeswoman declined to provide any examples of the company’s doing so.

A BlackBerry official, who declined to discuss details of the companies’ data-sharing agreement, said BlackBerry did not think that Facebook had ever audited its data use, but noted that BlackBerry’s business model relies on protecting users’ personal information.
