Facebook’s inability to manage user data is reflected in a latest report. Facebook is reportedly unable to account for much of the personal user data under its ownership. This includes what it is being used for and where it’s located, according to an internal report leaked to Motherboard.
Facebook’s Commitment to Manage User Data
Privacy engineers on Facebook’s Ad and Business Product team wrote the report in 2021, intending it to be read by the company’s leadership. It detailed how Facebook could address a growing number of data usage regulations, including new privacy laws in India, South Africa and elsewhere. The report’s authors described a platform often in the dark about the personal data of its estimated 1.9 billion users.
The engineers warned that Facebook would have difficulty making promises to countries on how it would treat and manage user data of its citizens. “We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose,’” wrote the report’s authors. “And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.”
Lack of Closed-form Systems
Facebook’s main obstacle to tracking down user data appears to be the company’s lack of “closed-form” systems, the report states. In other words, the company’s data systems have “open borders” that mix together first-party user data, third-party user data and sensitive data. To describe how difficult it is to track down specific Facebook’s data, the report’s authors came up with the metaphor of pouring a bottle of ink into a lake… and then trying to get it back in the bottle:
The authors state that Facebook previously had “the ‘luxury’ of addressing [new privacy regulations] one at a time,” like the EU’s GDPR and the California Consumer Privacy Act. But subsequent years brought more data protection legislation from all over the world, including India, Thailand, South Africa and South Korea. The document casts doubt on if Facebook has been able to comply with such legislation, and if it’s equipped to weather the “tsunami” of new laws that make similar restrictions. (A Facebook spokesperson denied to Motherboard that the company is not currently complying with privacy regulations.)
Also Read: What is new with Meta’s Horizon Worlds?
