Leaked Facebook doc suggests platform has no control over how data is processed — Analysis
The social media behemoth admits it can’t keep track of the data it collects on users
Facebook acknowledged that even its own privacy engineers struggle to understand how users’ personal data is processed and stored in a recently-leaked document published by Motherboard on Wednesday.
“We’ve built systems with open borders,” the document, written by privacy engineers working on the Ad and Business Product team, laments, likening the platform’s data management systems to a “Bottle of ink” comprised of different kinds of user information. “You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere,” the team explains.
“What is the best way to put ink in a bottle? What can you do to organize the ink so that it flows only where it is allowed?” the team asked, describing the conundrum as a “fundamental” problem for Facebook.
“We can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose’. Yet, regulators demand that we do exactly this.,” the document, written in 2021, continues. The model is supposed to sit “The center of [Facebook’s]Monetization strategy [act as] the engine that powers Facebook’s growth,” yet the company’s own employees clearly struggle to understand the basic concepts underpinning that strategy.
The issue, referred to as “data lineage,” is at the core of recent legal developments in multiple countries regarding how social media data is used. If Facebook collects a user’s phone number for the stated purpose of securing the individual’s account with two-factor authentication, for example, it is illegal to feed it to the platform’s “People you might know” feature under the EU’s 2018 General Data Protection Regulation law. Gizmodo, a tech blog, caught Facebook doing this shortly after it was passed. The platform was forced to end the practice.
As governments – including the EU, India, and the US – pass increasingly stringent regulations aimed at controlling speech on social media, the inability of Facebook employees to manage or even understand how their platforms handle user data is becoming an increasingly serious issue.
The leaked document obtained by Motherboard suggests employees may not even be able to limit the use of individuals’ data, due to the sheer volume of information collected on a daily basis.
While a Facebook spokesperson denied the document constituted evidence it was not complying with privacy regulations, an employee who spoke to the outlet on the condition of anonymity argued that, if anything, the paper’s condemnation of Facebook’s cluelessness didn’t go far enough. “Facebook can give you an idea about how many data bits are in its data centres. You can find the where [the data] goes part is, broadly speaking, a complete s***show,” the employee told Vice in an online chat, suggesting it gave Facebook “Coverage under the law” because of how much it would cost the company to “Fix this problem.”
“It gives them the excuse for keeping that much private data simply because at their scale and with their business model and infrastructure design they can plausibly claim that they don’t know what they have,” the employee explained.
Social network fined €17mn for privacy breach
Privacy activist and senior fellow at the Irish Council for Civil Liberties Johnny Ryan told Motherboard that the document “Facebook has admitted what we have known for many years: There is an open data pool within Facebook and the company doesn’t control the data that it keeps.”
“It’s a clear recognition of the lack of data protection. Facebook describes how Facebook violates each principle in data protection law. It is criminal to do anything with our data. You’re not allowed to have an internal data free-for-all,” Ryan insisted.
The document warns that a “Multi-year investments in Ads or our Infrastructure Teams” will be required in order to “Take control of the data that our systems consume, process and emit” in order to bring the platform into compliance with the current regulatory climate, warning that restrictions on the use of individuals’ private data “The world’s consent movement will only continue to grow as more people agree.”
There is a flood of new regulations coming into our country, all with huge uncertainty.