Does Facebook actually know what it's doing with your personal data? According to a document from a case against Facebook that surfaced in late 2022, the company - apparently - doesn't know. The case has been ongoing since 2018 and has revealed a lot about Facebook's inner workings and how it handles user:inside data.
In a letter to the European Commission, the Irish NGO ICCL (Irish Council for Civil Liberties) has expressed doubts about Facebook's ability to comply with the EU Data Protection Regulation (GDPR) and the ePrivacy Directive (ePD). The letter cites documents from a U.S. court case, which point to internal data handling at Facebook that is far from legally compliant. This raises serious concerns about the social media giant's commitment to protecting the privacy of its users.
The lawsuit revealed that there has been a "data sprawl" within the company, making it difficult for Facebook to comply with the ePrivacy Directive and the General Data Protection Regulation (GDPR). Facebook has been unable to provide basic information about its internal data systems, including what personal data is stored and why it is processed. Facebook engineers even admitted that they (may) not know exactly what happens to user:s data and that Facebook is not able to account for the personal data it processes.
On the other hand, Facebook has already started limiting the data that is shared with other companies. This is to prevent data from multiple applications from being collected and merged into a single data set.
Despite this, the case points to a lack of control and accountability at Facebook when it comes to handling users' personal data.
In recent years, Facebook has repeatedly made headlines when it comes to handling the data of its users. The fact that Facebook collects a lot of data about its users has been known since 2018 at the latest:
One of the most well-known cases is the Cambridge Analytica scandal. In 2018, it became known that the British data analytics company Cambridge Analytica collected data from up to 87 million Facebook profiles without the knowledge and consent of users in order to personalize political advertising for the 2016 US presidential campaign. This incident showed that Facebook data can not only be used for advertising purposes, but can also be exploited politically.
The revelations could have significant consequences for Facebook, including possible legal action by regulators and a loss of trust among users. Facebook may also face penalties or fines.
The case raises serious concerns about the security of personal data stored by Facebook and highlights the need for stricter regulation and oversight of how technology companies handle their users' data - and that includes Facebook.
So what does this mean for you and your data? Your personal data on Facebook may not be as secure as you think. Facebook may not have any internal control over what happens to your data - you should be aware of this as soon as you use the company's services.
The allegations against Facebook's data use make it clear that companies need to be more transparent and accountable when dealing with users' personal data. Facebook is currently unable to account for what personal data it processes, who uses the data, and why. All of this calls into question the security of user data. Internal attempts to disaggregate Facebook's data usage have also not yielded meaningful results to date - so it remains questionable whether or not Facebook will gain adequate control over user data.