Tell the FTC: Stop TikTok, Facebook and other companies from selling our personal data
Do you know where your data is? Because Facebook doesn’t.
Facebook isn’t sure where all the data it collects on its users goes. Apparently neither is Twitter.
Revelations about the scale of data collection by social media companies, and the risks these practices pose to users, just keep on coming. At a Congressional hearing this week, a Twitter whistleblower alleged that it would be extremely difficult for the company to track down all the places the data it collects on its users ends up. Earlier this month in a court hearing, Facebook engineers admitted to the same problem.
When the social media giants were getting their start, there were practically no rules or regulations they had to follow when it came to the new sprawling data collection and advertising apparatus they were building. According to reports, teams inside the companies were given extreme autonomy around what database tools they built and what data they could use to do it. The result was an incredibly complex system funneling data around these companies in ways that not even its engineers fully understand.
Now, facing increasing (and much needed) regulations, the companies are grappling with what to do with the data wild west they’ve built. It appears that Facebook could be in violation of Europe’s General Data Practices Regulation (GDPR) that requires companies to be able to report why they collect the data they do and all the ways in which it’s used. According to a leaked document from earlier this year, Facebook is aware of these potential violations. As one engineer wrote, “we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.”
What’s obvious is that this system needs an overhaul. A simple solution is to require companies to follow the principles of data minimization: companies should only gather data that’s strictly necessary for delivering the service a user is expecting to get, and use it for only that purpose. Requiring this standard would make it easier to hold companies to account for what they do with our data.
Topics
Authors
R.J. Cross
Director, Don't Sell My Data Campaign, PIRG
R.J. focuses on data privacy issues and the commercialization of personal data in the digital age. Her work ranges from consumer harms like scams and data breaches, to manipulative targeted advertising, to keeping kids safe online. In her work at Frontier Group, she has authored research reports on government transparency, predatory auto lending and consumer debt. Her work has appeared in WIRED magazine, CBS Mornings and USA Today, among other outlets. When she’s not protecting the public interest, she is an avid reader, fiction writer and birder.
Find Out More
Apple AirPods are designed to die: Here’s what you should know
New report reveals widespread presence of plastic chemicals in our food
FTC goes after second tax prep firm, H&R BLOCK joins INTUIT TURBOTAX for deceptive claims of “Free tax prep”
