An internal document leaked to Motherboard revealed that Facebook isn’t having proper insights into how it stores and secures the user data.
The report was written by Facebook’s Privacy engineers last year, where they stated that Facebook’s policies force them to combine the sensitive data first-party data and third-party data into one, making it harder to retrieve the specific one later.
Also, they warned that Facebook with these policies may face challenges with growing data regulations around the world. A Facebook spokesperson denied these allegations.
Improper Handling of User Data
Facebook is already tangled with a number of controversies around safeguarding user data. Adding to this, a new report shared with Motherboard reveals more shocking truths about how Facebook is handling the user data, including its policies on keeping an “open border” system.
The report was authored by Privacy engineers on Facebook’s Ad and Business Product team who wrote suggestions on how Facebook can handle the growing number of data usage regulations around the world.
They noted that Facebook previously had the “the ‘luxury‘ of addressing privacy regulations one at a time, like the EU’s GDPR and the California Consumer Privacy Act. But with more countries (like India, South Korea, South Africa, and Thailand) coming up with their own data regulations, it will be hard for Facebook to address them in prompt time.
And it’s because of the improper policies Facebook is having towards user data handling. Engineers said the company follows an “open border” rule that dumps and combines all the first-party data, third-party data, and sensitive data into one – which makes it harder for them to retrieve the specific data point later.
They compared this with a drop of ink being spilled into an ocean and trying to put it back in the ink bottle. They specifically noted this as;
“We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose’.”
Though they warned this could increase their risk of mistakes and misrepresentation. Yet, Facebook didn’t seem to care and continued with the approach. Although, a Facebook spokesperson denied these allegations in response as;
“Considering this document does not describe our extensive processes and controls to comply with privacy regulations, it’s simply inaccurate to conclude that it demonstrates non-compliance.”