Facebook, one of the largest social media platforms in the world, has faced numerous controversies and criticisms when it comes to protecting user privacy and data. Over the years, Facebook has been involved in various scandals where users’ personal information was compromised or shared without consent. Some of the major privacy issues and concerns with Facebook include data sharing with third parties, Cambridge Analytica scandal, facial recognition technology, tracking users across the web and devices, privacy settings and controls, and more.
Data Sharing with Third Parties
One of the biggest criticisms Facebook faces is its data sharing practices and partnerships with third parties. Facebook makes money primarily through advertising and targeting ads based on user data. Over the years, Facebook has shared user data with thousands of business partners and developers to help better target ads and optimize services. However, much of this data sharing happened without explicit user consent. For example, in 2013 it was revealed that Facebook gave around 60 device makers access to user data including private messages.
In 2018, Facebook acknowledged that it had data sharing partnerships with around 150 companies including Microsoft, Amazon, Spotify, Netflix and more. These companies got access to users’ friends list, religious and political leanings, education history, relationship status and more. Such deals gave third parties extensive access to Facebook user data without users expressly permitting it or even being aware of it.
Lack of Transparency
Facebook has also faced backlash over its lack of transparency when it comes to data collection practices and sharing with third parties. Its privacy policy spreads over 15,000 words and is difficult for average users to understand. Facebook does not clearly inform users regarding how much data is being collected, how it is analyzed and shared and with whom. The platform relies on implicit consent rather than explicit opt-in from users. It generally assumes users agree to data collection and sharing by simply being on Facebook.
Consent Deals
In 2019, Facebook was fined $5 billion by the Federal Trade Commission (FTC) for deceiving users about their ability to control privacy settings. As per the FTC, Facebook had told users they can control who saw their posts while making it nearly impossible to stop third party apps from accessing data. The FTC also highlighted Facebook’s partnerships through which it shared data with third parties without seeking clear consent. As per the settlement, Facebook now requires developers to certify compliance with its policies and obtain user consent for data access.
However, Facebook is still criticized for broadly interpreting user consent when it comes to data sharing. For instance, it takes consent provided for security, ads and measurement purposes as consent to share data with other third parties for commercial benefit. Its “consent deals” have been described as deceitful and manipulating consent boundaries.
Cambridge Analytica Scandal
One of the biggest controversies surrounding Facebook’s privacy practices was the Cambridge Analytica scandal in 2018. Cambridge Analytica was a British political consulting firm that obtained data on up to 87 million Facebook users without their consent. The firm was able to gather detailed information on users’ personalities, friend networks, interests and beliefs by getting access to their profile info, content they had liked, and more.
Cambridge Analytica got this data by paying a third party app developer to build a Facebook quiz app that collected data not just on quiz takers but also their friends. At the time, Facebook allowed apps to gather data on users’ friends without their knowledge or consent. Cambridge Analytica combined this data with other online and offline information to create targeted political ads and messaging to influence voter behavior.
The scandal highlighted how Facebook’sloose privacy controls allowed third parties to access enormous amounts of user data for political manipulation and other purposes. It led to a massive backlash against Facebook and several investigations questioning its ethics and business practices. Mark Zuckerberg had to testify before the US Congress and Facebook was fined $5 billion by the FTC for deceiving users about privacy.
Lack of Monitoring
The Cambridge Analytica scandal revealed Facebook’s inability or unwillingness to monitor how third parties are using user data accessed through its platform. Facebook claimed it learned about the data misuse in 2015 and got Cambridge Analytica to delete the data. However, it did not disclose the scandal until 2018 when it was revealed by the media.
Facebook failed to keep tabs on developers and ensure data was not being misused or held without consent. The fact that Cambridge Analytica was able to gather detailed data on millions of users highlights Facebook’s inability to enforce its own policies and track how parties accessing user data are using it. This raised questions about oversight, auditing and compliance monitoring of Facebook’s partnerships.
Data Retention
Another issue the scandal highlighted was Facebook’s lack of restrictions around data retention. Even if users revoke app permissions, Facebook does not actually delete any previously collected data. This allows third parties to continue holding and using data collected earlier through Facebook. Cambridge Analytica was able to retain the profile information it had gathered even after Facebook demanded it be deleted.
Facebook’s default is to allow partners to retain data indefinitely unless specified otherwise in contracts. It does not have adequate controls around data deletion and retention when it comes to third parties. Users are also unable to request deletion of their data shared with apps and partners. This expansive and indefinite data retention increases privacy risks.
Facial Recognition Technology
Facebook’s use of facial recognition technology has long raised privacy concerns though the company maintains it helps improve user experience and safety. Facebook’s photo tagging feature uses face matching to suggest friends’ names to tag when a user uploads a photo. However, it does this without user consent and people are enrolled by default.
Facebook accesses the entire library of photos uploaded by a user to identify faces and create a unique face signature or map. Many users are unaware their biometric data is being collected in this manner for a feature they may not even be using. While users can opt out of tag suggestions, Facebook stores face data in other ways even for non-users.
For instance, the platform creates face signatures for faces detected in photos uploaded by your friends in which you are tagged. Users have no control over this. There are also concerns over potential misuse and lack of regulation around biometric data collection and storage.
Lack of Anonymization
Facebook claims it anonymizes face data by not associating it with names or other identifiers. However, researchers have expressed doubts over how anonymous Facebook’s face data really is. Even within an algorithm, each face signature is unique to a specific person. So even without a name, the face data could allow tracking and targeted advertising.
Research also shows face recognition algorithms have racial and gender bias issues leading to much higher error rates for women and darker skinned persons. So even anonymized data raises concerns over perpetuating discrimination through unethical use of biometric data based on Facebook’s face recognition.
Tag Suggestions
Facebook’s tag suggestions pose direct privacy risks by revealing identities without consent. The platform suggests people’s names to tag based on behind-the-scenes face matching, which users may not be aware is happening. Tagging someone adds their name to the photo and shares it on your newsfeed for all to see.
This takes away users’ choice to stay anonymous or selective over who they share photos with. Facebook introduced a facial recognition setting to disable tag suggestions in 2018. But it is still on by default for most people and needs to be proactively disabled.
Tracking Across the Internet
Facebook has also faced criticism for tracking user activity across the internet beyond its own platform through social plugins and pixels. Facebook Pixel is a tracking code websites can add to collect data on visitors to target ads and optimize their Facebook campaigns. The Like and Share buttons found on many websites also allow Facebook to track user behavior.
Even if you are logged out of Facebook, the presence of these plugins means your activity across websites is still being monitored by Facebook. They capture data points like the webpages you visit, what you click, watch or add to cart, device details, IP address and more. This allows Facebook to build detailed user profiles and target ads.
Lack of Transparency
What many users do not realize is the extent to which Facebook tracks activity across the internet through inconspicuous plugins. Their presence is rarely made obvious to site visitors. Without logging in or agreeing to any terms, users end up providing data to Facebook as they browse third party sites. There is a lack of transparency, disclosure and informed consent around this pervasive tracking.
Difficulty Avoiding Tracking
Avoiding online tracking by Facebook is also difficult given how prevalent its trackers are on external websites. Simply staying logged out does not stop the tracking because plugins like Facebook Pixel work in the background. Using tracker blockers, VPNs, incognito mode and other tools can help limit tracking but is challenging for average users.
Disabling tracking cookies also has limited impact when other fingerprinting techniques like device fingerprinting allow companies to identify users across sessions and track them. Overall, most users find it exceedingly difficult to prevent being tracked by Facebook across much of their online activity.
Tracking Across Devices
Facebook has also received flak for tracking users across their different devices. Even when you are logged out of Facebook, the company can identify and link various devices like mobile phone, laptop, tablet, etc. belonging to a user through unique combinations of identifiers.
This allows Facebook to connect user activity across devices to serve targeted ads and content. Identifiers used include IP address, mobile ad IDs, device make and model, operating system, browser type, device serial number, Wi-Fi network names, motion sensors, nearby Bluetooth devices and more.
Lack of User Control
Cross-device tracking fundamentally takes away user control since most people do not know about this technology, let alone consent to being tracked across their devices. This persistent tracking across devices, locations and networks makes it very hard for users to maintain any privacy from platforms like Facebook.
Fb4a and Atlas
Facebook has developed specific cross-device tracking tools like Fb4a and Atlas that use both on-device and network signals to identify users across multiple devices. Fb4a matches devices signed into the same Facebook account while Atlas tracks users logged out of Facebook. These devices graphs created through fingerprinting allow persistent tracking.
Facebook’s documentation claims Atlas does not associate identifiers with identities or profiles. But experts argue there are few technical barriers to re-identification given the volume of unique identifiers being matched. This leaves scope for exploiting the data.
Privacy Settings and Controls
Facebook has also faced criticism when it comes to its privacy settings and user controls being confusing, ineffective and spread across over 20 screens. Key settings are buried deep while privacy-invasive defaults are more prominent. There is inconsistencies and lack of context in permissions.
For example, Facebook frames app permissions as users “choosing to share” data even if it is to access basic app features or content from friends. Settings are scattered across different places with messaging, facial recognition and location settings in different areas. Options for limiting data gathering by Facebook itself are lacking compared to controls for third parties.
Dark Patterns
Experts have called out the use of deceptive design or dark patterns that nudge users towards privacy invasive options. For instance, when users try to limit data use, Facebook pushes popups warning them this will prevent recommendations and ads “tailored for you.” Emails warning users they will miss out on notifications or friend requests aim to discourage privacy controls.
No Easy Opt-Out
There is no simple universal way for users to opt out of data collection and targeting. Turning off personalized ads still allows generic ads based on activity across websites and apps tracked by Facebook. Data gathered for ‘security purposes’ is exempted from controls. Facebook also retains data indefinitely with no deletion option. Overall, controls are piecemeal and do not allow comprehensive opting out.
Other Controversies
Apart from the above issues, Facebook has been at the center of various other privacy-related controversies over the years including:
- Research app collecting private data of users and their friends
- Exposing contact details of 1.5 million users to be indexed by search engines
- Giving advertisers special access to user data and activity even off Facebook
- Allowing employers, landlords, lenders to target ads excluding ethnic groups
- Logging Android call and text data without permission
- Leaking passwords for hundreds of millions of users
- Exposing photos of up to 6.8 million users via API bug
- Sharing user data with Chinese tech companies
- Ascribing users’ email contacts to their accounts without permission
These incidents highlight troubling practices around default public sharing, unclear consent terms, and mishandling of user data. They have contributed to the erosion of public trust in Facebook’s ability to be ethical and transparent around privacy.
Conclusion
Facebook’s series of privacy scandals and controversies have highlighted its questionable data collection and sharing practices that compromise user privacy. Despite apologies and policy revamps after each scandal, Facebook has struggled to convincingly show it puts user privacy first. Its business model centers around maximizing data collection for ad targeting.
Critics argue Facebook has a monopoly on social data and lacks accountability around protecting privacy. Its consent mechanisms are misleading and privacy controls ineffective. Comprehensive federal privacy legislation has been seen as necessary to adequately regulate Facebook versus its internal self-regulation. Facebook claims it has learned from past mistakes. However, only time will tell if it can rebuild user trust through transparent privacy practices that respect consent.