Facebook's privacy engineers have seemingly admitted that the company doesn't know how it handles user data. Privacy has always been a touchy subject for Facebook, with the company often coming under attack for not doing enough to protect user data from unauthorized access. While the Cambridge Analytica scandal from 2018 brought Facebook's privacy issues to public consciousness, it has had multiple data breaches since then, with vast amounts of user data exposed to malicious actors.
One of the most significant Facebook data breaches in recent memory came last year when the personal data of over 533 million Facebook users was posted online. The data was reportedly from 2019 and included names, birthdays, locations, phone numbers, and, in some cases, email addresses. The data breach was said to be the result of an old vulnerability in Facebook and reportedly affected users from at least 106 countries. In addition to security vulnerabilities, Facebook's privacy practices have also come under the scanner from time to time. The latest admission from the company's engineers is likely to add to the existing privacy concerns for users.
A leaked internal document obtained by Motherboard suggests that neither Facebook nor its parent company Meta knows how the vast amounts of data on its platform are being used, where it's going, and who is accessing it. The document, which was written last year by Facebook's privacy engineers on the Ad and Business Product team, further says that the company doesn't have the level of control required over its user data to be able to commit to not using certain types of data for specific purposes. "We can't confidently make controlled policy changes or external commitments such as 'we will not use X data for Y purpose,' " read the document.
Facebook Denies Allegations Of Dubious Privacy Practices
According to the report, the document was created by Facebook to lay the groundwork for compliance with privacy regulations in Europe, the U.S., India and other countries. As part of stricter privacy requirements for tech companies, regulators insist that certain types of user data cannot be used for targeted ads or shared with third parties. However, if the document is anything to go by, Facebook has so little idea about how it is using user data that it cannot legally commit to abide by those regulations without a serious risk of "mistakes and misrepresentation."
In an emailed statement to Motherboard, a Facebook spokesperson denied that the document correctly represents how it handles user data. According to the spokesperson, the company has put together "extensive processes and controls to comply with privacy regulations," and it would be incorrect to say that it is not complying with regulatory requirements. Meanwhile, privacy experts cite the document as further proof that they were right all along about Facebook's dubious privacy practices. Talking to Motherboard about the document, Johnny Ryan, a privacy activist and senior fellow at the Irish Council for Civil Liberties, said that the document shows there's no data protection mechanism within the company. According to him, there's a data free-for-all within Facebook, and "Everything it does to our data is illegal."
Source: Motherboard