Internal Facebook Documents Reveal It’s Not Sure What Happens to Your Data

Internal Facebook Documents Reveal It’s Not Sure What Happens to Your Data

Over the years Facebook and its parent company Meta have been embroiled in numerous privacy-related incidents. The company been accused of bring reckless with user data many times, and according to internal documents we now know why: its systems were designed that way.

The folks over at Vice have gotten their hands on an internal Facebook document written by privacy engineers. The document was prepared to advise the company’s leadership on “inbound regulations” regarding how it uses its customers’ data. Overall, It doesn’t paint a pretty picture. The engineers note Facebook was “surprised” by new regulations coming from the EU and India that restricted its use of first party data. They go on to explain these new regulations are “setting the stage for a global regulatory push toward consent for 1P [first person] data use in Ads.” Gee, imagine that.

The document notes that previously Facebook’s policy enforcement was insufficient, on any timeframe, for “second party concerns.” That translates to other entities inquiring about its sale of customer data, such as an enforcement agency. This sets up a problem for Facebook; with stricter rules likely coming down the pike, how will it respond? The short answer is it can’t, because it’s not set up that way. Quoting from the document:

“We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as “we will not use X data for Y purpose.” And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.”

Internal Facebook Documents Reveal It’s Not Sure What Happens to Your Data

The engineers then offer a damning analogy of how it all works. You know, just in case they needed to spell it out for the C-suite. The document states:

“We’ve built systems with open borders. The result of these open systems and open culture is well described with an analogy: Imagine you hold a bottle of ink in your hand. This bottle of ink is a mixture of all kinds of user data (3PD, 1PD, SCD, Europe, etc.) You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere. How do you put that ink back in the bottle? How do you organize it again, such that it only flows to the allowed places in the lake?” For context, 3PD is third party data, 1PD is first party data, and SCD is sensitive categories data.

A spokesperson for Facebook refuted the claim that the document showed Facebook might not be in compliance with some laws. “New privacy regulations across the globe introduce different requirements and this document reflects the technical solutions we are building to scale the current measures we have in place to manage data and meet our obligations,” the spokesperson told Vice. The Facebook rep also said the document is being taken out of context. This is because it doesn’t “describe our extensive processes and controls to comply with privacy regulations.”

An example of the scale of the problem is the engineers say Facebook uses 15 thousand features in its ad models. In order to produce one single feature, which is “user_home_city_moved,” it requires six thousand reference points. Multiply this scenario by the almost three billion daily Facebook users, and you can see the scale of the problem.

Regardless of the size of the task, Facebook will need to figure out a way to keep a closer eye on its users’ data. This is somewhat adjacent to the warning the EU sent to Elon Musk this week. Upon his acquisition of Twitter, he was reminded of the recently passed Digital Services Act. This places much stricter controls over how big tech companies handle content moderation. The world of regulation is changing for these companies outside the US currently, and in a big way. It’s a situation the authors of the document described clearly, “We face a tsunami of inbound regulations that all carry massive uncertainty.”

Continue reading

FTC Files Antitrust Case to Break Up Facebook
FTC Files Antitrust Case to Break Up Facebook

New York Attorney General Letitia James has announced a major antitrust case against Facebook, which will be joined by 47 other state and regional AGs. And that's not all: the Federal Trade Commission (FTC) is filing a separate case against Facebook later today.

Signal, Facebook Spar Over Ads Disclosing What Facebook Knows About You
Signal, Facebook Spar Over Ads Disclosing What Facebook Knows About You

Signal claims Facebook banned it for speaking truth to millions of people. Facebook claims Signal made the whole thing up. Welcome to the internet, where the validity of everything is disputed and everyone is mad about it.

Facebook Announces a New Oculus VR Feature: In-Game Ads
Facebook Announces a New Oculus VR Feature: In-Game Ads

Facebook will soon build ads into your VR games. The company claims the advertising will benefit developers, but it appears to have something else in mind.

Facebook Force-Fed Garbage to 140 Million Americans a Month
Facebook Force-Fed Garbage to 140 Million Americans a Month

Facebook refused and ignored its own staff's attempts to improve the service, even after it knew its own algorithms were feeding people low-quality content they didn't want to see.