Social media is the #1 activity on the web, as people of all ages and backgrounds share news, photos, videos and other content with their online friends and communities. As a result, private thoughts have become public information.
Facebook is the world’s most popular social medium, with a total U.S. audience of some 230 million. Facebook uses the content you provide – as well as other data it collects – across its various products (Facebook, Instagram, Messenger, Oculus and WhatsApp).
While Facebook and other social media and search sites like Google are free to users, there is a great deal of value in the data that users generate. Their business models typically involve selling that information to advertisers, research firms or other companies seeking to understand their target markets. As they say in Silicon Valley, “If the product is free, YOU are the product.”
Facebook CEO Mark Zuckerberg recently testified before Congress following the disclosure that London research firm Cambridge Analytica gained access to the private information of 87 million Facebook users and “friends,” and used that data to identify American voters and attempt to influence their opinions.
Facebook’s New Policy
Responding to the Cambridge Analytica scandal, Facebook recently updated and expanded its data policy for the first time since late 2016. There are a number of revealing details about users’ information in the new policy:
- The breadth and depth of the data collected by Facebook from its users is truly expansive. Among other things, Facebook collects address book data, text message and call logs, user location (even with GPS turned off), app usage details (when, how and for how long the app is used), content viewed by the user, purchases, web sites visited, device attributes (battery level, signal strength, available storage), other apps installed on your device or PC, mouse and window activity, “nearby” devices, and more.
- Much of this information is collected regardless of whether you are logged on to Facebook. This wealth of information is supposedly collected to improve the user experience. However, as the Cambridge Analytica scandal illustrates, it is also sold to third parties for profit.
- Facebook collects data from users that users do not even know they possess. For example, hidden data stored in photographs, videos, and sound files tells Facebook their precise location, date, time, camera settings, and filters. They can be further processed by Facebook to extract additional information such as faces, landmarks or text. Although Facebook does not appear to currently use facial recognition technology, it reserves the right to do so in the future.
- Facebook can use information collected from users across any of its platforms (Facebook, Instagram, Messenger, WhatsApp, etc.), regardless of a user’s accounts.
- Although Facebook no longer automatically shares information about your “friends” network with third parties (such as developers and advertisers), these parties can still request and obtain the information from Facebook. It is not clear when, if ever, a request for this data would be turned down.
- There is no set timeframe for Facebook to remove user data, regardless of any period of inactivity by the user. Although some specific data may be automatically deleted after a “sunset period,” the majority of user data is retained indefinitely under a “case-by-case determination.”
- Even if a user chooses to turn off “personalized ads,” Facebook will continue to collect and track the user’s information. A user of Facebook (or any of its platforms) does not have the ability to opt out of this form of tracking.
- Users have no ability whatsoever to learn of, much less control, data Facebook collects about them from other users. In other words, no matter how careful users are about their privacy settings in Facebook, one or two careless “friends” in their network may free Facebook to collect and share their data.
Data privacy rules
The European Parliament, which has long had more stringent rules than the United States on collecting and using personal data, adopted the General Data Protection Regulation (GDPR) in 2016. The new regulation takes effect on May 25, and requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU.
In response, American multinationals such as Facebook and LinkedIn will be moving the responsibility for personal data away from their Irish headquarters in the European Union, to offices in the United States. By the time the GDPR takes effect, those users will be on sites governed by United States law rather than Irish law.
The Federal Trade Commission has been monitoring Facebook and its privacy policies for years. On March 20, FTC Commissioner Terrell McSweeny issued the following statement: “The FTC takes the allegations that the data of millions of people were used without proper authorization very seriously. The allegations also highlight the limited rights Americans have to their data. Consumers need stronger protections for the digital age such as comprehensive data security and privacy laws, transparency and accountability for data brokers, and rights to and control over their data.”
As social media users, we all need to read and understand the terms and conditions of use for Facebook and other sites so we can make informed decisions about what content to share and what other actions to take to protect our privacy. We should also stay informed, events are fast-moving.
There is a great deal of controversy over whether social media should be regulated by the government, or whether the tech industry can be relied on to adopt privacy measures that would be more responsive, adaptable and more technologically advanced than government might dictate. There are First Amendment concerns to balance, as well as worldwide economic, legal and political issues. The power inherent in the volume of data, and in the ways it might be used is truly unimaginable.
Leslie Lott and Ury Fischer, board certified intellectual property attorneys, are partners at Lott & Fischer in Coral Gables.