Leaked document warns that Facebook has no clue how it handles your data
For years, the community's main gripe with Facebook has been that it collects a lot of personal data, which it later sells to advertisers. And now, a leaked internal document obtained by Motherboard warns that the social media platform has no idea where all of its acquired user data is going or what it is being used for (via Engadget).
The report was written last year by Facebook's privacy engineers on the Ad and Business Product team, and its goal was to inform about the gaps in the way the platform processes personal information and to encourage a change in an attempt to protect the company from problems with privacy regulators in Europe, the US, India, and other countries.
According to the engineers, the company will be unable to fully comply with regulator-imposed privacy laws that come from everywhere as a "tsunami" of new laws that impose restrictions. They stated, “We do not have an adequate level of control and explainability over how our systems use data, and thus we can't confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.”
The reason for Facebook's data privacy problem is that its systems mix first-party user data, third-party user data, and sensitive data together. To be even more understandable, the engineers used the metaphor of pouring a bottle of ink into a lake and then trying to return it to the bottle.
The ink is a mix of all kinds of user data, and once "poured," there are no ways to organize it to "only flow to the allowed places in the lake?"
As the engineers pointed out, there is a "short-term" solution in the form of a new, unreleased service called "Basic Ads," which, if implemented, will allow Facebook to comply with international regulations. The document reads, “When launched, Facebook users will be able to ‘opt-out’ from having almost all of their 3P and 1P data used by Ads systems - page likes, posts, friends list, etc.”
Although Facebook declined to comment on this "short-term" solution, a representative of the company shared that Basic Ads is "an internal codename, and that the product will show that Facebook can build advertising that is relevant to users while preserving their privacy."
In a statement to Motherboard, a Facebook spokesperson stated that the company is complying with privacy regulations. Also, it can't be determined that the report shows non-compliance because it doesn't describe the platform's extensive processes and controls used to comply with privacy standards.
The spokesperson also stated that regulations across the world introduce different requirements for the company to fulfill and that the document simply shows what measures the company is working on to be able to implement them.
Facebook won't be able to fully comply with data privacy laws
According to the engineers, the company will be unable to fully comply with regulator-imposed privacy laws that come from everywhere as a "tsunami" of new laws that impose restrictions. They stated, “We do not have an adequate level of control and explainability over how our systems use data, and thus we can't confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.”
The reason behind Facebook's problem
The reason for Facebook's data privacy problem is that its systems mix first-party user data, third-party user data, and sensitive data together. To be even more understandable, the engineers used the metaphor of pouring a bottle of ink into a lake and then trying to return it to the bottle.
The ink is a mix of all kinds of user data, and once "poured," there are no ways to organize it to "only flow to the allowed places in the lake?"
A short-term way for Facebook to solve this problem
As the engineers pointed out, there is a "short-term" solution in the form of a new, unreleased service called "Basic Ads," which, if implemented, will allow Facebook to comply with international regulations. The document reads, “When launched, Facebook users will be able to ‘opt-out’ from having almost all of their 3P and 1P data used by Ads systems - page likes, posts, friends list, etc.”
The sad part is that the report also states that Basic Ads must be "launch-ready in Europe by January 2022." January has come and gone, but this service hasn't been released yet.
Although Facebook declined to comment on this "short-term" solution, a representative of the company shared that Basic Ads is "an internal codename, and that the product will show that Facebook can build advertising that is relevant to users while preserving their privacy."
What's Facebook's position regarding the leaked document?
In a statement to Motherboard, a Facebook spokesperson stated that the company is complying with privacy regulations. Also, it can't be determined that the report shows non-compliance because it doesn't describe the platform's extensive processes and controls used to comply with privacy standards.
The spokesperson also stated that regulations across the world introduce different requirements for the company to fulfill and that the document simply shows what measures the company is working on to be able to implement them.
Things that are NOT allowed: