Facebook collects data from non-users in a variety of ways, even if you don’t have an account. This allows them to build shadow profiles of people who aren’t on the platform and target ads to them. Here are some of the main ways Facebook gathers data on non-users:
Pixels and Cookies on Websites
Many websites have Facebook pixels or cookies installed on them. These allow Facebook to track your browsing activity across the web. For example, if you visit a site that has a Facebook pixel, it will communicate information about your visit back to Facebook. This allows Facebook to learn about your interests and build a profile on you for ad targeting.
Facebook also uses cookies to track non-users across websites. If you’ve ever “Liked” something on Facebook in the past, they can connect this previous activity to your browser fingerprints. Many non-users are surprised to find they’ve been assigned a unique Facebook ID number for identification.
Information from Friends
If your friends upload their contact books, Facebook gleans data about you from them. For example, it can learn your phone number, email, address and more. Friends may also tag you in photos or posts. While you can untag yourself, Facebook still stores the data connection.
Friends might also share information about you in their posts and messages. Although you can ask them to remove it, Facebook will have already collected the data.
Shared Company Information
Facebook purchases data about non-users from data brokers, advertisers, and other companies. For example, if you share your email with a company for purchase or registration, they might pass it to Facebook to improve ad targeting.
Acxiom, Datalogix, Epsilon, and BlueKai are some of the companies that Facebook purchases non-user data from.
Device Identifiers
Facebook can use unique device identifiers like an Advertising ID or IDFA number to track activity across apps. Even if you don’t have a Facebook account on your phone, they can use these device identifiers to track which sites and apps you use.
Device fingerprinting techniques can also identify non-users by looking at the specific combination of settings and installed fonts on your device.
Facebook Login and Share Buttons
Websites that include Facebook Login or Share buttons send information to Facebook as soon as you load the page. This allows them to identify non-users visiting millions of sites across the web. The data shared can include your IP address, browser details, the webpage URL, and more.
Offline Data Partnerships
Facebook also buys data about non-users from offline sources. This includes information collected by banks, retailers, car dealerships, loyalty programs, and more. They use this info to flesh out your profile for ad targeting.
Instagram, WhatsApp and Oculus
Facebook can also collect data on non-users through its other platforms like Instagram, WhatsApp and Oculus. Information gleaned on any of these platforms can be used by Facebook to improve targeting.
How Does Facebook Use This Non-User Data?
Facebook uses the data collected on non-users in a few key ways:
- To build detailed profiles for ad targeting
- To make lookalike audiences to market to
- To suggest the user sign up for an account
- To support security initiatives and detect bot attacks
Ultimately, the goal is to continuously collect data so they can serve users personalized ads. Non-user data helps fill in gaps to inform their ad targeting models.
Some Key Statistics on Facebook’s Non-User Data Collection
Here are some eye-opening statistics that highlight Facebook’s data collection on non-users:
| Statistic | Data Point |
| Facebook users | 2.8 billion monthly active users (Q3 2019) |
| Non-Facebook users | Over 1 billion shadow profiles (estimation) |
| Tracking reach | Over 70% of sites have Facebook trackers |
| Partner data | Facebook has over 150 offline data partners |
| Revenue from non-users | Estimated up to $20 in revenue per non-user annually |
Is Facebook’s Non-User Data Collection Allowed?
Facebook claims it is compliant with relevant laws like the European GDPR and CCPA when collecting data on non-users. However, privacy advocates argue they are stretching interpretations for data exploitation. Some key points on the legality:
- GDPR requires opt-in consent for data collection, which non-users have not provided
- CCPA gives California residents the right to opt-out of data sales, but unclear if Facebook complies
- FTC fined Facebook $5 billion in 2019 for general privacy violations
- Laws have struggled to keep pace with technological data collection practices
While Facebook maintains it follows applicable laws, regulators and privacy groups counter their practices unfairly exploit personal information without sufficient consent or control.
How Can Non-Users Limit Facebook’s Data Collection?
Here are some steps non-users can take to restrict Facebook’s tracking and data gathering:
- Use an ad/tracker blocker – Browser extensions like uBlock Origin prevent pixels and cookies from loading.
- Opt out of offline data sharing – Direct marketing associations like DMAChoice let you opt out.
- Turn off ad personalization – Go to Facebook Ad Preferences and turn off ad personalization.
- Delete previous account – If you had an old Facebook account, delete it entirely.
- Limit info given to friends – Be careful which personal data you let friends share.
- Delete cookies/data – Clear cookies and site data from your browser to remove Facebook’s access.
While these steps can help reduce the reach of Facebook’s data collection, true control ultimately lies in their hands. Without intervention by lawmakers and regulators to limit their practices, Facebook has the technology and capacity to gather large amounts of data on non-users from myriad sources.
Conclusion
Facebook’s data collection on non-users is extensive, opaque, and concerning for many. Through online trackers, partnerships with external data brokers, device fingerprinting, and acquiring user information from friends – Facebook can build very detailed profiles on people without their knowledge or consent.
While Facebook claims it follows relevant laws, privacy advocates counter that their practices exploit personal information. Non-users have limited ability to restrict Facebook’s data gathering since they rely on obscure techniques. Moving forward, regulators may need to strengthen laws to rein in Facebook’s pervasive surveillance of both users and non-users across the internet.