Is It Time For Facebook To Finally Come Clean About Our Data?

Is It Time For Facebook To Finally Come Clean About Our Data?

More to the point, the company reminds us that it is under no obligation to actually clarify any of its data sharing practices and that it can pick and choose what information to share with the public about their data is being used. As The New York Times puts it in the opening sentence of its latest expose, “for years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules.” The Times documents an astonishing and bewildering array of partnerships and agreements that allowed companies across the world, including Russian and Chinese companies, privileged access to the personal, private and intimate data of Facebook’s user community. The company once again argues that all of these companies were “partners” and “service providers” of Facebook’s such that it was under no obligation to inform the FTC of the extent to which it was still sharing its users’ data. In other words, in Facebook’s telling, you have no right to complain, you clicked a button at some point in your life that you didn’t understand and had no idea what it did, but you clicked it and in doing so granted it the legal right to do what it wanted with your data. What if Facebook manually required you to formally review and authorize every single non-human access to your data, whether by an outside company or by Facebook itself for its own research? The Times reports that Facebook’s privacy team did not review all data sharing agreements equally and that the level of review “depended on the specific partnership and the time it was created.” This raises questions about Facebook’s data ethics review team that has responsibility for overseeing all of Facebook’s own research using your personal data and research by outside academics granted access to your “anonymized” private data. The fact that its privacy team did not review all of Facebook’s partnerships with equal scrutiny raises similar questions about its research ethics board. The company declined to comment on most of the details of the Times expose, especially surrounding consent and the extent of those data sharing agreements. When asked how the company would respond to criticism that its two billion users deserve to have answers to all of the concerns raised in the Times piece, since ultimately all of those questions revolve around how the company is handling their personal data, the company did not respond. It also did not respond when asked why it had not been more forthcoming about the full and complete extent of all of these data sharing agreements and clearly educated its users about its practices and the privacy tradeoffs behind all of the Facebook integrations they saw across the web and mobile worlds.

Google Shutters Google+ After Security Flaw Exposed Data Of At Least 500,000 Users
Facebook hired a forensics firm to investigate Cambridge Analytica as stock falls 7%
Snapchat Advertising: Is It Working? New Research
Mark Zuckerberg in 2007 presenting some of the ways Facebook can target its users. (AP Photo/Craig Ruttle, file)

Another week, another story about Facebook sharing its users’ data without their knowledge or consent. This past June Facebook argued that granting access to your personal private data to more than 60 companies didn’t count as “sharing” because those companies were “partners” and “providers.” In reaction to yesterday’s expose by the New York Times documenting even more massive and egregious data sharing with a much wider assortment of companies, Facebook once again argues that they were merely all “partners” and that there is nothing to see here. More to the point, the company reminds us that it is under no obligation to actually clarify any of its data sharing practices and that it can pick and choose what information to share with the public about their data is being used. Is it time for Facebook to finally just come clean about all of the ways it is using, sharing and selling access to our data?

As The New York Times puts it in the opening sentence of its latest expose, “for years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules.”

The Times documents an astonishing and bewildering array of partnerships and agreements that allowed companies across the world, including Russian and Chinese companies, privileged access to the personal, private and intimate data of Facebook’s user community.

The company once again argues that all of these companies were “partners” and “service providers” of Facebook’s such that it was under no obligation to inform the FTC of the extent to which it was still sharing its users’ data. As Facebook clarified to the Times, it was under no obligation to secure informed consent for external data sharing because even the Royal Bank of Canada and Microsoft were merely considered extensions of itself.

In its response to the Times’ latest expose, Facebook offered a brief response that did not actually deny any of the allegations, but rather took on an almost indignant tone. Users could use Facebook from other devices and services so they obviously knew their data was being shared and besides, you “sign[ed] in with your Facebook account” so you gave full informed consent and knowing permission for it to share your data in any way the company wished.

The problem with this response is that just because a user logs into an outside service using their Facebook login, they likely don’t realize all of the permissions and rights they are granting that website to their data. Similarly, just because they see they can post to Facebook from their streaming music app or get personalized results from their search engine, doesn’t mean they realize that that music app now has full unrestricted access to all their private messages or that Microsoft is building profiles of Facebook users on its own servers.

Just because users see a “Post to Facebook” button or glimpse Facebook posts on another site does not at all mean that they understand the privacy cost underlying those features.

Facebook’s two billion users all recognize that they are using a free website and that because it is free it must be generating revenue somehow. Few of those users, on the other hand, are fully aware of the ultimate extent to which Facebook is monetizing them and exploiting their personal information.

Facebook notes that in every one of these sharing agreements, the user clicked a button at some point in their history that legally authorized it.

In other words, in Facebook’s telling, you have no right to complain, you clicked a button at some point in your life that you didn’t understand and had no idea what it did, but you clicked it and in doing so granted it the legal right to do what it wanted with your data.

It is noteworthy that nowhere in Facebook’s response is there any form of apology. No acknowledgement that perhaps it could have done better in making its users aware of just how widely their data was accessible or all of the privacy tradeoffs that underlay all of those Facebook options and content they saw across the web and mobile worlds.

Imagine for a moment if Facebook followed Estonia’s model of absolute consent and for every single application or research project that wanted your data, it gave you a complete description of how it wanted to use your data…

Pin It on Pinterest

Shares
Share This