Regulators across the globe are grilling social media companies for stricter privacy measures. This will change how these companies handle their users' data in the first place. As it turns out, the fundamental problem with Facebook is that it has no idea where all of its user data goes or what the company is doing with it according to a leaked document.
The document was written by Facebook privacy engineers that were on the Ad and Business Product team. The mission of this team is to “to make meaningful connections between people and businesses."
The team is responsible for building and maintaining Facebook's massive ads system - the core of its business. The document reveals a rather alarming tone from the engineers who are making a call for change with respect to how Facebook deals with user data. It is very common for Facebook to run into regulatory and compliance issues regarding privacy of its users. The US, India, Europe and other countries are becoming more stringent about regulations which is putting a lot of social media companies including Facebook in trouble recently.
“We can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do”
Last year, previously leaked documents had revealed Facebook's failure in handling misinformation, believing that the leadership made decisions to avoid angering the Indian government. A researcher who set up an account as a user in India in 2019 found that by following Facebook's algorithm recommendations, they saw “more images of dead people in the past three weeks than I’ve seen in my entire life total,” according to The New York Times.
Facebook's own engineers are admitting that they are struggling to keep track of where user data goes once it's inside their systems. However, regulations like the EU's GDPR limits platforms like Facebook about how they can use their users' data. In its article 5, the GDPR law mandates that personal data must be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.”
This essentially means that every bit of data Facebook collects, can only be collected and used for a specific purpose and cannot be reused for another purpose. Facebook had been under the fire for using its users' phone numbers for its "people you may know" feature. After getting caught, the company had to eventually stop the practice.
The engineers tried to explain what's wrong with Facebook using an analogy inside the document:
Imagine you hold a bottle of ink in your hand. This bottle of ink is a mixture of all kinds of user data (3PD, 1PD, SCD, Europe, etc.) You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere,” the document read. “How do you put that ink back in the bottle? How do you organize it again, such that it only flows to the allowed places in the lake?”
For reference, 3PD means third-party data; 1PD means first-party data; SCD means sensitive categories data.
The leaked document throws light on the fact that how data can become a mess in the absence of any efforts for data regulation from the beginning. Facebook says that even though it does not have any technical control over every piece of data, it is investing in tools to build the infrastructure needed to meet the requirements it may face.