As privacy concerns arose, some agreements limited how social-media company could use the information

Facebook pressed financial firms as recently as last year for the ability to use customer data flowing through its Messenger platform.

Facebook Inc. FB -1.07% has been under scrutiny for months over its handling of personal data, but it has been haggling with financial firms over its access to sensitive financial data for years.

As recently as last year, the social-media company pressed financial firms for the ability to use customer data flowing through its Messenger platform for a range of purposes, including advertising, according to people familiar with the matter and documents reviewed by The Wall Street Journal. Concerned about privacy, several firms negotiated bespoke agreements that limited how Facebook could use any financial information that would pass through its servers.

The negotiations highlight a dilemma facing Facebook as it balances its need for detailed user data to better target advertisements and increase user engagement with concerns about how best to handle users’ most sensitive personal information. It is an issue that has taken on new importance following the uproar over Facebook’s ties to political analytics firm Cambridge Analytica, which accessed information on as many as 87 million users of the social-media network without their consent.

Facebook has in recent months taken steps to give users more control over the massive cache of data it collects. Earlier this year, the company changed its privacy policy to more clearly spell out how it handles advertising and user data. In April, before the European Union began enforcing its General Data Protection Regulation privacy law, Facebook asked users to review information about different types of advertising.

“Like many online companies, we partner with financial institutions to improve people’s commerce experiences, like enabling better customer service, and people opt into these experiences,” said Facebook spokeswoman Elisabeth Diana. “We’ve emphasized to partners that keeping people’s information safe and secure is critical to these efforts. That has been and always will be our priority.”

She said Facebook hasn’t and doesn’t use consumer financial data for so-called ad targeting, or placing ads in front of specific audiences.

Facebook’s negotiating stance with financial firms evolved over the years, ranging from asserting ownership of all data that passes through its servers to, later on, allowing financial firms to restrict its use of the information. Several of the deals were negotiated ahead of Facebook’s 2017 developer conference, when more than a dozen companies in multiple industries, including financial services, launched services on Messenger.

Prior to the launch, Facebook’s privacy policy said “we use all of the information we have about you to show you relevant ads.”

In conversations with American Express Co. in 2016, Facebook executives said they wanted to use individualized cardholder spending data that passes through Facebook for a variety of purposes, according to a person familiar with the matter. That would have allowed them to use the data for ad targeting, the person said.

The companies were discussing launching an AmEx chatbot on Facebook that would send transaction-level alerts to AmEx U.S. cardholders who sign up for the service. Those alerts function like purchase receipts that tell cardholders when their AmEx card has been used to make a purchase.

AmEx didn’t want Facebook to use individualized data for anything besides servicing cardholders who opted into the chatbot, the person said, and instead agreed to provide aggregated transaction data for ads and other purposes.

After Bank of America Corp. reviewed Facebook’s terms, it decided it would move its clients who engage in private messaging with the bank on Facebook off of the site so that Facebook wouldn’t gain access to their financial data, according to a person familiar with the matter.

When Wells Fargo & Co. launched a chatbot pilot with Facebook in 2017, it informed customers that Facebook would have access to their Messenger conversations with bank representatives, per its data policy. “Customers were cautioned that they should not enter account numbers or other sensitive data in their chatbot conversations,” a spokeswoman said. The 5,000-customer pilot ended in April.

PayPal Holdings Inc., which allows users of the payment service to send money through Messenger, negotiated a custom contract that prohibits Facebook from using PayPal customers’ data for advertising or any of Facebook’s own commercial purposes, the company said.

Western Union Co. , which also launched a Messenger-based money-transfer service at the 2017 developer conference, has a custom deal that “reflects our privacy obligations to our customers,” said spokeswoman Pia De Lima.

The deals predate a more recent Facebook effort, reported by The Wall Street Journal last month, to form partnerships with big banks to offer a range of customer services through Messenger, including fraud alerts and a feature that would show its users their checking-account balances. The company said it wouldn’t use any information obtained through those services for ad-targeting purposes.

Banks have been hesitant to give too much control to Facebook. At least one large U.S. bank pulled away from the Facebook talks because of privacy concerns, according to the earlier Journal report.