Facebook has always been in the eye of the hurricane due to poor handling of user data. Scandals like Cambridge Analytica, hacks, or frequent failures that violate people's privacy have been enough to put the company in the sights of regulators. Now a leak confirms what many suspected: Facebook is not able to control what it does with your information.
A document that came into the hands of Motherboard exposes the reality of the platform and lights red lights in the face of the "tsunami" of privacy regulations. The text, written by engineers from the Ads and Commercial Products team at Meta, indicates that they have no control over the use of user data or where it goes.
We lack closed format properties on Facebook systems. For more than a decade, openness and empowerment of our individual contributors have been part of our culture. We have built systems with open borders.
A closed format would be a system capable of listing and controlling all the data that enters, is generated and the use that is given to it within the platform. "If we can't list all the data we have, where it is, where it's going, or how it's used, then how can we engage with the world about it?" privacy engineers say.
The internal document dates from 2021 and anticipates the wave of regulatory restrictions that the company would face during that year. The authors list shocking regulations from India, Thailand, South Korea, South Africa, Egypt, and the United States. "We have had the luxury of addressing one (regulation) at a time (GDPR in 2018, FTC in 2019, CCPA in 2020). This is no longer the case."
"We are facing a tsunami of regulations that carry great uncertainty"
To understand the seriousness of the problem, Facebook's privacy engineers draw an analogy.
Imagine that you have a bottle of ink in your hand. This bottle is a mixture of all kinds of user data. […] You pour the ink into a lake (our open data systems, our open culture)… and it flows… everywhere. How do you get that ink back in the bottle? How do you organize it again, so that it only flows to the allowed places in the lake?
The systems that drive advertising, the backbone of Meta's revenue, are built in such a way that it is impossible to comply with regulations. The document states that controlled policy changes or commitments to "not use X data for Y purpose" cannot be made without considerable investment in fine-tuning the system.
The leak also details the points to attack in order to meet the requirements of the regulators, although this represents a complex task that not even its own employees believe is possible. "Facebook has a general idea of how many bits are stored in their data centers. The part where they go is, generally speaking, a complete shit show," said a former employee of the company.
Facebook needs a considerable investment to change its systems
Although Meta did not deny the existence of the document, it did anticipate that it does not describe "its extensive processes to comply with privacy regulations." He also told Motherboard that the ink in the lake analogy lacks context.
According to Facebook engineers, addressing its systems challenges will require several years of additional investment in its infrastructure. Only in this way can you have control over how data is entered, processed and generated.
The company confided in the media that they are trying to anticipate privacy laws by building systems that meet the requirements of regulators. Facebook ensures that this is a priority in the company, although we all know that this is a worn speech.
The reality is that poor data management, rampant misinformation or a culture of hate are problems that are unlikely to solve. After all, Meta would prefer to close its services in Europe or other regions before complying with the regulation.