In turn, Facebook will use this information to “understand how services are used”, “improve services”, “make suggestions for you”, “personalise features and content”, and “show relevant offers and ads across the Facebook Company Products”. In short, find other Facebook services to sell to you based on your information, for example connecting Facebook Pay to pay for transactions on WhatsApp, or chatting with your WhatsApp contacts on Portal (yet another Facebook product).
The concern: Facebook and data protection are not mutually compatible
information. This means that if someone gets hold of that information they can work out who you are pretty quickly, and Facebook’s data protection record makes some interesting reading.
Just some of the recent Facebook and data protection stories include:
In 2019 they were fined $5bn by the Federal Trade Commission (FTC) and an additional £500,000 in the UK under the old Data Protection Act (pre-GDPR) for their part in the Cambridge Analytica scandal.
The FTC said in their settlement statement that the fine was levied on Facebook because despite promising users that they have control over how their personal information is shared with third parties, they facilitated the harvesting of information from Facebook to Cambridge Analytica. In this case, a Facebook quiz was used to collect information not just about the people who took the test, but their Facebook friends as well. The way that this information was collected was part of a flaw in Facebook’s infrastructure, which allowed developers to access information without authorisation (and many did).
In 2018 it was revealed that between 2011 and 2018 Facebook used phone numbers registered by users for two factor authentication to target them for ads. In addition to these phone numbers, the researchers discovered that Facebook was also mining other information about users available on the internet (and not provided directly to Facebook), and using it to target ads.
At the same time as the FTC gave their ruling on Facebook’s involvement with Cambridge Analytica, the US Securities and Exchange Commision (SEC) claimed $100 million in charges against Facebook for making misleading disclosures regarding how it handled user data. And in 2018, a report by the New York Times revealed that Facebook shared access to user data with other large tech firms, including Amazon, Microsoft, Sony, Huawei, Yandex, and more, affecting users all over the world.
The list goes on, showing how Facebook’s quest for user information that can be used to make a profit is constantly evolving and finding new ways to violate users’ privacy.
Facebook and information protection responsibilities
Under regulations such as the GDPR, California Consumer Privacy Act (CCPA), and other nation states (for example the newly non-EU UK), companies of all sizes have responsibilities towards their users when it comes to collecting, storing, transferring, or using their personal information. Failure to take these responsibilities seriously will result in fines of up to €10m, or 2% of global turnover (whichever is higher). While fines don’t seem to stop Facebook, they are a serious deterrent to other companies.