Internal Facebook Documents Reveal It’s Not Sure What Happens to Your Data

Internal Facebook Documents Reveal It’s Not Sure What Happens to Your Data

Over the years Facebook and its parent company Meta have been embroiled in numerous privacy-related incidents. The company been accused of bring reckless with user data many times, and according to internal documents we now know why: its systems were designed that way.

The folks over at have gotten their hands on an internal written by privacy engineers. The document was prepared to advise the company’s leadership on “inbound regulations” regarding how it uses its customers’ data. Overall, It doesn’t paint a pretty picture. The engineers note Facebook was “surprised” by new regulations coming from the EU and India that restricted its use of first party data.

They go on to explain these new regulations are “setting the stage for a global regulatory push toward consent for 1P [first person] data use in Ads.” Gee, imagine that.

The document notes that previously Facebook’s policy enforcement was insufficient, on any timeframe, for “second party concerns.” That translates to other entities inquiring about its sale of customer data, such as an enforcement agency. This sets up a problem for Facebook; with stricter rules likely coming down the pike, how will it respond? The short answer is it can’t, because it’s not set up that way. Quoting from the document:

“We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as “we will not use X data for Y purpose.” And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.”

The leaked document plots anticipated regulatory action from countries around the world. The legend describes much work it will require. (Image: Vice)

The engineers then offer a damning analogy of how it all works. You know, just in case they needed to spell it out for the C-suite. The document states:

“We’ve built systems with open borders. The result of these open systems and open culture is well described with an analogy: Imagine you hold a bottle of ink in your hand. This bottle of ink is a mixture of all kinds of user data (3PD, 1PD, SCD, Europe, etc.) You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere. How do you put that ink back in the bottle? How do you organize it again, such that it only flows to the allowed places in the lake?” For context, 3PD is third party data, 1PD is first party data, and SCD is sensitive categories data.

A spokesperson for Facebook refuted the claim that the document showed Facebook might not be in compliance with some laws. “New privacy regulations across the globe introduce different requirements and this document reflects the technical solutions we are building to scale the current measures we have in place to manage data and meet our obligations,” the spokesperson told Vice. The Facebook rep also said the document is being taken out of context. This is because it doesn’t “describe our extensive processes and controls to comply with privacy regulations.”

An example of the scale of the problem is the engineers say Facebook uses 15 thousand features in its ad models. In order to produce one single feature, which is “user_home_city_moved,” it requires six thousand reference points. Multiply this scenario by the almost , and you can see the scale of the problem.

Regardless of the size of the task, Facebook will need to figure out a way to keep a closer eye on its users’ data. This is somewhat adjacent to the to Elon Musk this week. Upon his acquisition of Twitter, he was reminded of the recently passed Digital Services Act. This places much stricter controls over how big tech companies handle content moderation. The world of regulation is changing for these companies outside the US currently, and in a big way. It’s a situation the authors of the document described clearly, “We face a tsunami of inbound regulations that all carry massive uncertainty.”

Now Read:

Facebook Twitter Google+ Pinterest
Tel. 619-537-8820

Email. This email address is being protected from spambots. You need JavaScript enabled to view it.