In January 2023, Meta Platforms, Inc. which owns Facebook, Instagram, and WhatsApp announced an updated Privacy Policy. This policy change has raised questions and concerns among users about how their data will be collected, shared, and used across Meta’s family of apps and technologies.
What triggered the privacy policy update?
According to Meta, the update was driven by the company’s vision of the metaverse and plans to develop new social, entertainment, and shopping experiences in virtual and augmented reality. To support these new products and features, Meta says it needs to process more information about users and enable new forms of data collection. For example, Meta cited plans to access additional data from device sensors to enable mixed reality experiences.
The updated policy will also support Meta’s efforts to integrate the infrastructure underlying Facebook, Instagram, WhatsApp, and Messenger. This could allow more data sharing and interoperability between the apps. For example, Facebook user profiles could be linked to WhatsApp accounts to enable cross-platform advertising and recommendations.
When does the new policy take effect?
The updated Meta Privacy Policy will go into effect on July 26, 2023. Users will need to agree to the new terms of service by that date in order to continue using Meta’s platforms. Existing users will receive notifications and prompts to accept the new policy.
What types of data will Meta collect under the new policy?
The updated privacy policy enables Meta to collect a wider array of data points about users including:
- Precise location data
- App, file, and content usage
- Transaction and shopping information
- Biometric data such as faceprints and voiceprints
- Information about nearby networks, devices, and signals
By consolidating data across its platforms, Meta stated it can gain a more holistic view of each user and enable more personalized, relevant experiences.
How does the policy impact data sharing?
The updated policy expands Meta’s ability to share user data across its platforms and with third parties such as advertisers, developers, and partners. For example:
- User content and information may be shared between Facebook, Instagram, Messenger, and WhatsApp to provide joined experiences like cross-posting Stories.
- Data may be shared with advertisers to enable targeted ads based on user activity across Meta’s services.
- Partners and developers may gain access to user data to enable integrations and experiences between third-party apps and Meta’s platforms.
Users will have some ability to limit data sharing between specific Meta services in their account settings. But opting out of sharing altogether will be difficult under the new policy.
How will Meta use biometric data?
The updated Privacy Policy will allow Meta to collect biometric data like faceprints and voiceprints through applications like Facebook View, augmented reality filters, and Portal video calling devices. Meta states this data will allow users to interact in the metaverse using their physical identity and enable personalized recommendations.
Specifically, Meta may use biometric data for functions like:
- Facial recognition – to identify users in photos, videos, and the metaverse
- Personalized content – to customize AR effects based on facial shape
- Identity verification – to authenticate secure access and transactions
- Ads targeting – to determine user demographics for targeted advertising
Critics have raised concerns about the expanded collection of sensitive biometric data without explicit consent from users. Meta claims users will have transparency over how their biometric information is used.
How does Meta plan to use location data?
Previously, Meta only accessed approximate location information like city-level locations. The updated policy allows Meta to collect precise, real-time location data from users’ devices. According to Meta, this will enable location-based features like:
- AR overlays and filters based on exact locations
- Location-based ads, recommendations, and content
- Virtual and augmented reality experiences anchored to real-world locations
- Location-based safety features
Users will be able to manage location sharing to some extent in their device and app settings. But Meta acknowledges disabling location services altogether may impact functionality.
Can users delete data collected by Meta?
Under the updated policy, Meta expands users’ ability to request data deletion. Users can now demand deletion of additional categories of data including:
- Precise location histories
- Face recognition templates
- Voice recognition templates
- Personal call and message logs
However, data deletion requests may not apply to cached or archived versions of data. And users cannot preemptively opt-out of data collection under the new policy – only request removal after the fact.
Is there any way for users to fully opt-out?
Under the updated policy, the only way for users to fully opt-out of data collection is to delete their accounts. Meta acknowledges that completely disabling its data collection and sharing practices will require account deletion.
Of course, this means users will lose access to Meta’s platforms like Facebook and Instagram. For many users, this may not be a viable solution even if they disagree with the company’s data practices.
What steps can users take if they disagree with the privacy update?
If users are uncomfortable with Meta’s updated privacy terms, they can take measures like:
- Review all privacy settings and limit data sharing where possible – users may be able to restrict some collection and interoperability in their account settings.
- Be more selective about what information they share on Meta platforms.
- Delete old posts, photos, videos, and other content they no longer want associated with their account.
- Install privacy-enhancing web browser extensions that block online trackers.
- File complaints with regulatory bodies like the FTC if they feel Meta is engaging in deceptive data practices.
- Speak out on social media and demand accountability from Meta leadership.
However, aside from deleting their accounts entirely, users have limited options to fully block Meta’s data policies under the new terms of service.
How has the public reacted to the privacy policy changes?
Meta has faced significant public backlash over the privacy policy overhaul. Critics argue the company is:
- Deceptively broadening data collection under the premise of “supporting the metaverse.”
- Taking advantage of its market dominance in social networking to force users to accept invasive terms.
- Obscuring privacy risks by consolidating policies across its platforms.
- Misleading users by claiming they have “choices” around data sharing when opt-outs are largely illusory.
In addition to public outrage, Meta is facing increased regulatory scrutiny over its data practices. Lawmakers have accused the company of overriding users’ privacy preferences to enable hyper-targeted advertising.
Meta claims the policy changes are necessary to develop an “optimistic vision of the metaverse.” But critics argue the company is compromising user trust and disregarding ethical data collection practices in pursuit of profits.
Could the privacy policy face legal challenges?
Legal experts say Meta may face challenges to the privacy policy update on a few grounds:
- Deceptive trade practices – Regulators could argue Meta is deceiving consumers about data collection in order to unlawfully increase profits.
- Antitrust violations – Meta may face accusations of unfairly exploiting its market dominance to coerce users into invasive terms of service.
- Privacy laws – Existing regulations like GDPR and CCPA may constrain Meta’s ability to unilaterally broaden data collection without explicit consent.
- Biometric data – Unique biometric data laws may require Meta to implement strict consent and compliance mechanisms before collecting faceprints and voiceprints.
However, Meta will argue the policy changes are necessary for innovation and provide users transparency. Unless stronger social media privacy regulations are passed, legal challenges to the policy itself will face an uphill battle.
Could Meta delay or revise the policy in response to backlash?
In response to public criticism, Meta may consider delaying full enactment of the updated privacy policy to allow for an educational period. This could help avoid further backlash and ease user concerns about drastic overnight changes.
Meta leadership could also issue clarifications on key points of concern like biometric data usage and cross-platform sharing. Additional transparency about how new data will actually be used could help temper privacy worries.
However, a full policy rollback is unlikely given Meta’s strategic interests. At most, the company may offer new controls or restrictions to grant users more granular consent, without actually reducing data collection capabilities.
Ultimately, Meta has determined access to cross-platform data is crucial for its metaverse vision. The company is betting that public outrage will subside as users become accustomed to the new normal of social media data sharing.
Conclusion
Meta’s sweeping privacy policy changes raise pressing concerns about user data exploitation. The updated terms broadly expand Meta’s ability to collect sensitive personal information and share data across its platforms without full opt-out consent.
Users are rightfully alarmed about the potential privacy erosion. However, Meta has deemed pervasive data collection as necessary to provide integrated and personalized experiences across virtual and augmented reality.
With limited options to prevent policy enactment, users can only voice opposition and be more selective in how they engage with Meta’s platforms going forward. At a minimum, the policy controversy underscores the urgent need for updated regulations to match Meta’s wide-ranging data ambitions.