Facebook Admitted To Lack Of Control Over User Data In Leaked Document

Facebook doesn't have a particularly stellar record when it comes to ethically handling user data, and now a leaked internal paper suggests the company has seemingly lost control over managing the massive cache of data it collects and how it is used. An internal document allegedly written by the company's Ad and Business Product team was leaked to Motherboard, and it gives a glimpse into how bad the situation may be at Facebook, at least when it comes to responsible collection and utilization of user data.

The paper likens the situation to a bottle of ink (which represents user data) that is poured into a lake (that is, Facebook's vast data processing systems). Once that happens, the leaked document states, there is no way to control the flow of that ink or recover it. "We do not have an adequate level of control and explainability over how our systems use data," says the report, which was primarily written to highlight how that situation may land Facebook in regulatory troubles.

It further adds that solving the problem would require multiple years in order to create a system that would give Facebook a clear picture of how user data flows through its systems, right from the collection via its products to its eventual exit from the whole framework. Regulations such as the EU's General Data Protection Regulation (GDPR) specifically mandate that user data collected for a purpose should be explicitly declared and must not be utilized anywhere else. Facebook appears to fare poorly at that parameter.

A lawsuit away from billions in fines

Facebook representatives, on the other hand, claim that the company is at work building the required infrastructure to meet the criteria set by regulations such as GDPR, but it already follows a user-facing opt-out system that ensures the collected data cannot be used elsewhere. However, the representatives also told Motherboard that the company "does not have technical control over every piece of data" that enters its servers. The situation at Facebook is not too different from that of Amazon.

In November 2021, a WIRED investigation revealed a worryingly fragmented system of data storage at Amazon that allegedly allowed employees to regularly stalk their acquaintances, as well as celebrities. In Facebook's case, if regulators in Europe take issue with how it is reportedly flouting the GDPR norms, the company could face a hefty fine of up to 4% of its annual global revenue. As per the leaked material, Facebook reportedly had a product called "Basic Ads" that was supposed to be ready for deployment in Europe by the start of 2020, but that product is yet to make its debut.

No clue about where user data goes

Basic Ads would reportedly have let users deny access to all third-party and first-party data, such as posts and likes, for Facebook's advertisement systems, a premise that sounds very much like its own version of App Tracking Transparency. Facebook's data collection has already had its wings clipped with the release of Apple's ATT (App Tracking Transparency) framework that lets users opt out of an app's data collection, something that has seriously hurt the company's ad business. Moreover, the situation sounds very much ripe for another Cambridge Analytica-like scandal.

The leaked internal document clearly states that if Facebook can't pinpoint where exactly user data is currently sitting in its systems and how it is used, the company won't ever get in a position where it can " make commitments about it to the outside world." Following the leak, a Facebook spokesperson denied any non-compliance with privacy regulations, but those assertions may not stand a chance in a court if the information in the leaked document proves true.