Facebook has been under fire recently, with explosive whistleblower allegations and continuing regulatory headaches. But things might have just got worse for Facebook’s 3 billion users—could it be the turning point that finally incentivises people to delete their accounts?
If you care about your data, it might be. According to a new report in Vice’s Motherboard, Facebook has no idea what it does with your data, or where it goes. That’s despite the fact that Facebook is one of the most data-hungry platforms in the world.
Motherboard published the leaked document written by Facebook privacy engineers in the social network’s Ad and Business Product Team, in full.
“We’ve built systems with open borders. The result of these open systems and open culture is well described with an analogy: Imagine you hold a bottle of ink in your hand. This bottle of ink is a mixture of all kinds of user data (3PD, 1PD, SCD, Europe, etc.)
“You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere. How do you put that ink back in the bottle? How do you organize it again, such that it only flows to the allowed places in the lake?”
As Motherboard explains: 3PD means third-party data; 1PD means first-party data; SCD means sensitive categories data.
Another highlight in the document reads: “We can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do.”
The problem with the leaked Facebook document
So what’s the problem with this? Privacy regulation such as the EU Genereal Data Protection Regulation (GDPR)—which is thought of as the “gold standard” for people’s data protection rights—stipulates that data must be collected for a specific purpose. In other words, it can’t be collected for one reason, and then reused for something else.
The latest Facebook document shows the social network faces a challenge in complying with this, since it appears to lack control over the data in the first place.
“Not knowing where all the data is creates a fundamental problem within any business but when that data is personal user information, it causes huge privacy headaches and should be dealt with immediately,” says Jake Moore, global cybersecurity advisor at ESET.
A spokeswoman at Facebook owner Meta denies that the social network falls foul of regulation. “Considering this document does not describe our extensive processes and controls to comply with privacy regulations, it's simply inaccurate to conclude that it demonstrates non-compliance.
“New privacy regulations across the globe introduce different requirements and this document reflects the technical solutions we’re building to scale the current measures we have in place to manage data and meet our obligations."
Time to delete Facebook?
Facebook saw a decline in user numbers for the first time this year—which have since recovered slightly—as its data-hungry practices become more clear to all.
At the same time, Facebook has been hit hard by Apple’s App Tracking Transparency features, which allow people to prevent ad tracking on their iPhone. However, these features don’t prevent Facebook from collecting first party data—the data you provide to it on its site.
If you want to delete Facebook, I’ve written an article detailing the steps required to do so. If you are not quite ready yet, it’s worth considering deleting the app on your phone and instead using it on your computer's browser, to at least limit the amount of data Facebook can collect.