Facebook has been alleged multiple times for poor handling of its users’ data. Scandals like Cambridge Analytica, hacks, or frequent failures that violate people’s privacy have been enough to put the company in the crosshairs of regulators.
Now a leaked internal document dating back to 2021, obtained by Motherboard, hints that Facebook does not list all of its users’ data and has no idea where it is going or how it is being used.
The report was written by Facebook privacy engineers on the Ad and Business Product team and was intended to report gaps in the way the platform processes personal information and advocate for change in an attempt to protect the company from problems with regulators in Europe, the United States and other countries.
In the document, the company admits that it does not know where this user data will end up specifically; in this statement, it could be read that they do not have “an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.“
To understand the seriousness of the problem, Facebook’s privacy engineers draw an analogy.
“Imagine you hold a bottle of ink in your hand. This bottle of ink is a mixture of all kinds of user data (3PD, 1PD, SCD, Europe, etc.) You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere. How do you put that ink back in the bottle? How do you organize it again, such that it only flows to the allowed places in the lake?“
The systems that drive advertising, the backbone of Meta’s revenue, are built in such a way that it is impossible to comply with regulations.
According to Facebook engineers, addressing its systems challenges will require additional several years of investment in its infrastructure. Only in this way can you have control over how data is entered, processed and generated.
