Internal Facebook documents under seal in a pending U.S. court case were released by a British parliamentary committee Wednesday in a report that could raise questions over how the social network has profited from and protected user data.

The 250-page report claims Facebook entered “whitelisting” agreements allowing select third-party companies to maintain full access to users’ friends data after it supposedly ended the practice in 2015. The report suggests that Facebook gave preferential treatment to some companies by giving them access to users’ friends data, while blocking other companies’ access.

‘It is not clear that there was any user consent for this’

The report, including a summary and exhibits, was compiled by parliament member, Damian Collins, Chair of the Digital, Culture, Media and Sport Committee. He led an effort to seize the sealed documents from Ted Kramer, the founder of a folded app development company, Six4Three, which is suing Facebook for changing its Graph API, which let outside companies see the data of not only people who signed up for their apps, but also their friends’ data.

The documents suggest that Facebook “whitelisted” certain outside companies so they could, in fact, see this data, after it changed its Graph API.

“It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not,” the report states.

Facebook CEO Mark Zuckerberg responded Wednesday in a post saying the released documents represent only part of the company’s discussions leading up to changes made to its developer platform “in order to shut down abusive apps” in 2014 and 2015.

The trove of exhibits accompanying the Committee’s summary, including internal Facebook emails, as well as communications between Facebook and outside companies like Lyft, Airbnb and Netflix, discuss whitelisting practices that permit outside companies continued access to users’ friend data. The Committee accuses Facebook of monetizing such access — the data-sharing practice central to Facebook’s Cambridge Analytica scandal — at the expense of consumers.

“It is clear that increasing revenues from major app developers was one of the key drivers behind the Platform 3.0 changes at Facebook,” the Committee’s report says about Facebook’s decision to end developer access to the friends data API. “The idea of linking access to friends data to the financial value of the developers’ relationship with Facebook is a recurring feature of the documents.”

In a statement posted to its corporate website, Facebook said, “There is an important distinction between friends’ data and friend lists.”

“In some situations, when necessary, we allowed developers to access a list of the users’ friends. This was not friends’ private information but a list of your friends (name and profile pic),” the statement said.

The Committee’s summary goes on to say that it appears that without customers’ knowledge, Facebook conducted surveys to determine how many people downloaded and used mobile apps. For Android users, the summary states, Facebook “made it as hard as possible for users to know that” an upgrade to the Facebook app enabled Facebook to collect a record of users’ calls and texts.

“The [Android] feature is opt in for users and we ask for people’s permission before enabling,” Facebook stated.

In response, Facebook has denied that it sold user data. A spokesperson for Facebook told Yahoo Finance, “As we’ve said many times, the documents Six4Three gathered for their baseless case are only part of the story and are presented in a way that is very misleading without additional context. We stand by the platform changes we made in 2015 to stop a person from sharing their friends’ data with developers. Like any business, we had many of internal conversations about the various ways we could build a sustainable business model for our platform. But the facts are clear: we’ve never sold people’s data.”

‘We will shut down their friends API access today’

However, the report suggests that Facebook might have had other motivations for cutting off companies’ API access. A January 2013 email from Dan Rose, Facebook’s former Vice President of Partnerships, references communication between Zuckerberg and Vice President Justin Osofsky concerning Twitter’s launch of the now-shuttered Vine app that, at the time, was capable of using Facebook to find friends.

“Unless anyone raises objections, we will shut down their friends API access today,” an email from Osofsky says.

“Yup, go for it,” a reply from Zuckerberg says.

However, in his response Wednesday, Zuckerberg said Facebook changed its data sharing authorizations to curtail abuse.

“This change meant that a lot of sketchy apps — like the quiz app that sold data to Cambridge Analytica — could no longer operate on our platform,” Zuckerberg wrote. “Some of the developers whose sketchy apps were kicked off our platform sued us to reverse the change and give them more access to people’s data. We’re confident this change was the right thing to do and that we’ll win these lawsuits.”

Zuckerberg went on to say the company’s data-sharing changes were prompted when more of its users moved from desktop to mobile platforms.

“Back when the main way people used Facebook was on computers, we supported the platform by showing ads next to developers’ apps on our website. But on mobile, Apple’s policies prevent us from letting apps run within Facebook and apps take the whole screen anyway, so we needed a new model to support this platform to let people log in and connect with other apps,” Zuckerberg said.

“Like any organization, we had a lot of internal discussion and people raised different ideas. Ultimately, we decided on a model where we continued to provide the developer platform for free and developers could choose to buy ads if they wanted.”