Do you still have your Facebook account? If so, how often do you use it? If you answered yes to the first question and “hardly ever” to the second, take this as your hint to delete your account. VICE recently published a leaked document from Facebook engineers that proves that they actually have no way of controlling where your data goes or how it’s used.
Facebook Doesn’t Actually Know Where Your Data Goes
Around the world, online privacy policies are ramping up. Countries are cracking down on what social networks can do with user data and putting increasingly strict restrictions on how they can use that data. This means that Facebook will have to make some pretty big changes to how it handles this information.
These changes, unfortunately, will be a very big (and possibly impossible) task for Facebook to achieve. Why? Because, as the company recently admitted in a leaked document, they actually have no idea what they are actually doing with all their user data, nor do they know where it all goes.
A System With Open Borders
Facebook engineers wrote a letter to the administration explaining why complying with various user data regulations will be next to impossible for them. Somehow, either because someone leaked the document or it was hacked, that internal document was leaked. VICE has published the document in full. To explain the situation better, they used an analogy of pouring a bottle of ink into a lake of water. (1)
“We’ve built systems with open borders. The result of these open systems and open culture is well described with an analogy: Imagine you hold a bottle of ink in your hand. This bottle of ink is a mixture of all kinds of user data (3PD, 1PD, SCD, Europe, etc.) You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere. How do you put that ink back in the bottle? How do you organize it again, such that it only flows to the allowed places in the lake?” they wrote in the document. (2)
In the document, 3PD refers to third-party data, 1PD first-party data, and SCD sensitive categories data). They went on to say that, truthfully, they won’t be able to comply with the various regulations being put in place around the world.
“We can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do” they wrote.
Ads Are At The Core
The engineers that wrote the letter are part of Facebook’s Ad and Business Product Team. These are the people who build Facebook’s incredibly vast and intricate ad system – the way in which Facebook generates revenue. They wrote this letter last year, warning the company that if they don’t change the way they deal with user data, they could run into regulatory trouble.
Even The Engineers Are Struggling
In the document, Facebook’s very own engineers admitted that they are even struggling to keep track of the data, where it goes, and how it’s used once it’s inside the ad system. The problem is with something called the company’s “data lineage”.
Countries around the world have been setting out new regulations for how platforms like Facebook can use user data. One of the most significant is from Europe. This law mandates the following:
“(that the user data is) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.”
This means that every bit of information collected has to be done so for a specific purpose. They then can’t take that already collected data and re-use it for another purpose. This document shows that Facebook might not even be able to prevent this.
A spokesperson for the company in a statement said that the document does not show that Facebook is not complying with regulations. Rather, they say that this document shows solutions that they are building to ensure that they meet the security standards.
“Considering this document does not describe our extensive processes and controls to comply with privacy regulations, it’s simply inaccurate to conclude that it demonstrates non-compliance. New privacy regulations across the globe introduce different requirements and this document reflects the technical solutions we are building to scale the current measures we have in place to manage data and meet our obligations,” the spokesperson said in an email to VICE.
They then said that the analogy of the lake and the ink lacks context. The spokesperson said that they do, in fact, have extensive controls and processes to monitor and control where data goes and how it is used. For this reason, they said Facebook is, in fact, complying with security regulations.
For now, it is up to every individual Facebook user to decide. If you are fine with the company having your data and perhaps not knowing exactly what’s done with it, continue using Facebook. If you are concerned about your data, however, it may be time to finally delete your account once and for all.
Keep Reading: If Facebook isn’t spying on me, why did I get ads for what I just spoke about?