The information comes courtesy of an internal report drafted by privacy engineers at Facebook’s Ad and Business Product team. It was then leaked to Motherboard (via Engadget). The entire document is currently available on DocumentCloud. “We do not have an adequate level of control and explainability over how our systems use data,” the engineers said in the report. The leaked report also talks about dealing with new data usage regulations and privacy laws around the world. The privacy engineers caution that it could be challenging to make any promises to countries about handling their citizens’ data. Moreover, the report’s authors cite the unavailability of “closed-form” systems as one of their biggest hurdles. To put it simply, Facebook utilizes a sort of “open borders” borders policy. The company stashed all kinds of data together, including third-party data, first-party user data, and other sensitive data. To get their point across, the engineers offer the example of dropping ink on a lake of water and trying to get it back.
Facebook was concerned about new data protection laws across the world
“This bottle of ink is a mixture of all kinds of user data (3PD, 1PD, SCD, Europe, etc.) You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere. How do you put that ink back in the bottle? How do you organize it again, such that it only flows to the allowed places in the lake?” Meanwhile, the engineers also express concern about the rapidly changing data protection laws across the globe. Countries like India, South Africa, South Korea, and Thailand introduced stricter data protection laws recently, adding to Facebook’s woes. The leaked document also shows a fair bit of concern from the engineers about data laws, wondering if the company can manage the “tsunami” of new laws that could bring further data regulations. However, Meta rejected the notion that it is not complying with privacy laws. “Considering this document does not describe our extensive processes and controls to comply with privacy regulations, it’s simply inaccurate to conclude that it demonstrates non-compliance,” a company spokesperson told Motherboard. “New privacy regulations across the globe introduce different requirements and this document reflects the technical solutions we are building to scale the current measures we have in place to manage data and meet our obligations.” The size of Facebook means that the company had access to ridiculous amounts of data. However, it’s quite astounding that the company hasn’t figured out how to effectively store sensitive data. While Facebook has denied the claims, this certainly won’t be the last we hear about it.
