Facebook has no idea what most of its user data is used for, leaked document suggests
Social media company Meta (earlier Facebook) does not know where all of its user data goes or what it does with it, according to a leaked internal document seen by Motherboard.
A leaked document appears to suggest that Facebook doesn't understand what most of its user data is used for.
Facebook's Ad and Business Product team compiled the leaked paper, which goes back to last year.
The team is in charge of Facebook's vast advertisement system, which is the primary source of revenue for the social media network.
Facebook's privacy engineers stated in the document that things are getting out of hand as the platform has no real way of tracking the data of its 2.9 billion users after it enters Facebook's automated processes.
First-party user data, third-party data, and even sensitive data are all stored together due to "open borders," eventually making it difficult to manage a single piece of the data.
According to the paper, there's no way to know whether or not the data originated directly from Facebook after it's consolidated. It warns that this corporate strategy concerning data management will make it practically hard to commit to policy reforms in future.
The ad ops team also used an example to communicate their concerns about the overflowing data to the supervisors.
"Imagine you hold a bottle of ink in your hand," it wrote. "This bottle of ink is a mixture of all kinds of user data."
"You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere," it continues.
"How do you put that ink back in the bottle? How do you organize it again, such that it only flows to the allowed places in the lake?," it asks.
The leak comes as Meta faces intense scrutiny in various countries over its data gathering practices, collecting personal information from unwitting users for purposes such as ad targeting.
The European Union's General Data Protection Regulation (GDPR), which requires personal data to be "collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes," is one of the key regulations enacted against the company.
In a statement to Motherboard, a Meta representative denied that the leaked paper demonstrates the company's failure to follow privacy standards.
The spokesperson said it is wrong to assume that document exhibits non-compliance as it doesn't describe the firm's processes and controls to comply with privacy legislation.
"New privacy regulations across the globe introduce different requirements, and this document reflects the technical solutions we are building to scale the current measures we have in place to manage data and meet our obligations," the spokesperson said.
To keep track of first-party data, the company's privacy team has presented a plan to annotate data with Purpose Policy Framework (PPF), that is to say, tag it as being originated on Facebook.
To do this, the firm will have to funnel "tens of thousands" of uncontrolled data input points into a "choke point."
The data will be annotated with PPF policy as it reaches the "choke point", allowing the firm to correctly monitor the user data it is responsible for.