Facebook doesn't have full control over how its systems use user data.
”
Author | Qiao Yanwei
Facebook is facing a "tsunami" of privacy regulations around the world that will force the company to drastically change the way it handles users' personal data. According to a document leaked from Facebook, the root cause of Facebook's "disaster" is that they themselves do not know the purpose and whereabouts of user data.
The leaked document, written last year by a privacy engineer in Facebook's advertising and commercial products team, which is tasked with "making meaningful connections between people and businesses," was described as "at the center of Facebook's monetization strategy and the engine driving the company's growth," according to a recent facebook job listing.
The team's mission is to build and maintain Facebook's vast advertising system, which is at the heart of the company's business. In the filing, the team issued a warning and called for changes to the way Facebook handles user data to prevent the company from clashing with regulators in Europe, the United States, India and other countries that are pushing for stricter privacy restrictions on social media companies.
"We don't have full control over how the system uses this user data, so we can't confidently make a strong commitment to the outside world that we won't use X data for Y purposes,' the document reads. However, this is exactly what regulators want us to do, which increases our risk of error and false positives. ”。
In other words, in the document, even Facebook's own engineers admit that once user data enters Facebook's systems, it's hard for them to figure out where it goes. Facebook internally refers to the issue as "data lineage."
In recent years, regulators around the world have tried to limit the use of user data by platforms such as Facebook. One of the most well-known and important regulations is the European Union's General Data Protection Regulation (GDPR), which came into force in May 2018. Article 5 of this stipulates that personal data must be "collected for specific, explicit and lawful purposes and shall not be processed in a manner inconsistent with these purposes". ”
This means that every piece of data facebook obtains, such as a user's location or religious orientation, can only be collected and used for specific purposes, and cannot be used for other purposes.
A Facebook spokesperson denied the leaked document showed the company violated privacy regulations.
"Considering that this document does not describe the extensive processes and controls we have in our compliance with privacy regulations, it is not rigorous to use this document as evidence of our breach of privacy regulations." New privacy regulations around the globe introduce different requirements, and this document reflects the technology solutions we are building to extend our existing measures for data management and compliance with legal obligations. The spokesperson said in a statement sent via email.
Some privacy experts say they believe the document acknowledges Facebook's inability to comply with regulations. The experts have previously been fighting Facebook, hoping that its use of private data will be restricted.
"This document attests to our long-standing skepticism: that Facebook has a data inside that is freely available to everyone, and that the company has no control over the data it holds," Johnny Ryan, a privacy activist and senior researcher at the Irish Civil Liberties Council, said in an interview. "This is a clear acknowledgment by Facebook that it doesn't have any protection for user data. Facebook detailed how it violates the principles of data protection law. Everything it does to our data is illegal. People shouldn't have free internal data. ”
Facebook also arranged for two employees to discuss how to handle the data internally. On the phone, Facebook representatives told the media that they were trying to build infrastructure before privacy laws were in place to meet the requirements the company might face.
This means investing in tools that make the process of analyzing user data and data usage more automated and less reliant on labor in the process.
Jason Kint, CEO of Digital Content Next, said, "Consumers and regulators will also be shocked by the size and disorder of the data within Facebook's systems. ”
Kint argues that Facebook cannot track the "origin and purpose" of the user data it collects. He was referring to Article 5 of the GDPR, which has a fine rule known as "restriction of purposes."
Ryan argues that the rule means companies like Facebook must tell users and regulators how each particular piece of data is processed and used. For example, if you include religious orientation on your Facebook resume, that personal information shouldn't be used for advertising.
This "purpose restriction" rule was established to protect people's privacy. In 2020, Ryan filed a lawsuit against Google in Ireland, accusing the tech giant of violating the bylaw by mixing "hundreds of purposes of data use that need to be processed to form a vast internal database that is free and open to all."
Ravi Naik, a privacy expert and lawyer representing Ryan at the time, told the media that if regulators believe Facebook violated GDPR regulations, the company could not only face administrative fines of up to 4 percent of its global revenue, but also tear open a hole for regulators to further tighten their use of user data in the future.
Individual users can also sue Facebook, asking them to tell them what their data is used for, such as The allegations that Naik and Ryan made against Google.
END
![Avoiding user data privacy breaches Porsche has adopted a new data privacy policy[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)