An internal document leaked to Motherboard revealed that Facebook isnโt having proper insights into how it stores and secures the user data.
The report was written by Facebookโs Privacy engineers last year, where they stated that Facebookโs policies force them to combine the sensitive data first-party data and third-party data into one, making it harder to retrieve the specific one later.
Also, they warned that Facebook with these policies may face challenges with growing data regulations around the world. A Facebook spokesperson denied these allegations.
Improper Handling of User Data
Facebook is already tangled with a number of controversies around safeguarding user data. Adding to this, a new report shared with Motherboard reveals more shocking truths about how Facebook is handling the user data, including its policies on keeping an โopen borderโ system.
The report was authored by Privacy engineers on Facebookโs Ad and Business Product team who wrote suggestions on how Facebook can handle the growing number of data usage regulations around the world.
They noted that Facebook previously had the โthe โluxuryโ of addressing privacy regulations one at a time, like the EUโs GDPR and the California Consumer Privacy Act. But with more countries (like India, South Korea, South Africa, and Thailand) coming up with their own data regulations, it will be hard for Facebook to address them in prompt time.
And itโs because of the improper policies Facebook is having towards user data handling. Engineers said the company follows an โopen borderโ rule that dumps and combines all the first-party data, third-party data, and sensitive data into one โ which makes it harder for them to retrieve the specific data point later.
They compared this with a drop of ink being spilled into an ocean and trying to put it back in the ink bottle. They specifically noted this as;
โWe do not have an adequate level of control and explainability over how our systems use data, and thus we canโt confidently make controlled policy changes or external commitments such as โwe will not use X data for Y purposeโ.โ
Though they warned this could increase their risk of mistakes and misrepresentation.ย Yet, Facebook didnโt seem to care and continued with the approach. Although, a Facebook spokesperson denied these allegations in response as;
โConsidering this document does not describe our extensive processes and controls to comply with privacy regulations, itโs simply inaccurate to conclude that it demonstrates non-compliance.โ