Leaked Meta Document Suggests The Company May Not Know Where All Its Personal Data Is (Free Preview)

Leaked Meta Document Suggests The Company May Not Know Where All Its Personal Data Is (Free Preview)
Photo on Pixabay by geralt

This is the free version of yesterday's post on the a leaked document from Meta/Facebook.

Subscribe today for all the paywalled material posted on The Wavelength. Subscriptions are available for $250 a month and less for an annual subscription. I think you'll find the value to cost ratio is high with The Wavelength.

You can find previously posted content on technology policy, politics, and law on Substack and my blog.

This morning, Vice published an article based on a leaked 2021 Meta/Facebook document written by Facebook engineers who conceded that the company cannot trace and account for all the user data it has and has shared with third parties. If this is still true, and Meta/Facebook claims this is not, the company could be in violation of the European Union’s General Data Protection Regulation (GDPR) and its 2019 consent order with the United States (U.S.) Federal Trade Commission, to name just two jurisdictions in which they might face legal jeopardy. Moreover, even if this does not serve as the basis for regulatory action, it provides further fuel for the “Big Tech” fire.

However, the company denies that the document is representative of its data practices. A Meta spokesperson disputed the article’s claims in a statement:

Considering this document does not describe our extensive processes and controls to comply with privacy regulations, it's simply inaccurate to conclude that it demonstrates non-compliance. New privacy regulations across the globe introduce different requirements and this document reflects the technical solutions we are building to scale the current measures we have in place to manage data and meet our obligations

Certainly Meta is concerned that this document along with other evidence might prove tempting to regulators. The company then proceeds with a non-sequitur on how it is proceeding to comply with the proliferating data privacy standards around the world. This is seemingly not relevant to the claims in the document.

Nonetheless, last year in this document, Meta’s Ad and Business Product team conceded it can neither trace all its data nor can it make commitments to other entities such as regulators, third parties, and consumers about what data is collected, used, processed and shared:

We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as “we will not use X data for Y purpose.” And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.

Subscribe to read the rest.

Other Developments

European Commission President Ursula von der Leyen and India’s Prime Minister Narendra Modi “agreed to launch the EU-India Trade and Technology Council at their meeting in New Delhi on Monday…[a]strategic coordination mechanism will allow both partners to tackle challenges at the nexus of trade, trusted technology and security, and thus deepen cooperation in these fields between the EU and India” per their joint press release.

United States (U.S.) Secretary of Commerce Gina Raimondo met with European Commission Executive Vice President Valdis Dombrovskis “to discuss U.S.-EU cooperation on imposing costs on Russia in response to its unlawful invasion of Ukraine…[and] also discussed progress made within the U.S.-EU Trade and Technology Council’s (TTC) working groups ahead of the TTC Ministerial in France on May 15-16.”

The United States (U.S.) Department of Justice’s (DOJ) Office of the Inspector General (OIG) conducted an audit of the Federal Bureau of Investigation’s (FBI) information security and “identified weaknesses in all nine of the domain areas and two of the eight Congressional Letter areas that need to be strengthened to ensure that FBI’s information systems and data are adequately protected.” The OIG made “47 recommendations for improving FBI’s information security program.”

The Australian Competition and Consumer Commission “has instituted proceedings in the Federal Court against Uber B.V. (Uber), which has admitted it engaged in misleading or deceptive conduct and made false or misleading representations in the Uber ridesharing app.”

Tweet of the Day

Further Reading

Tech Giants Duped Into Giving Up Data Used to Sexually Extort Minors” By William Turton — Bloomberg

Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes” By Lorenzo Franceschi-Bicchierai — Vice

Regulators are unlikely to block Musk’s purchase of Twitter, former officials say.” By David McCabe — New York Times

Tesla’s value dropped Tuesday by more than double the cost of Twitter” By Faiz Siddiqui — Washington Post

Inside Worldcoin’s Globe-Spanning, Eyeball-Scanning, Free Crypto Giveaway” By Richard Nieva and Aman Sethi — BuzzFeed News

For Russian tech firms, Putin’s crackdown ended their global ambitions” By Joseph Menn — Washington Post

Coming Events

§  26 April

o   The United States (U.S.) House Veterans Affairs Committee’s Technology Modernization Subcommittee will hold a hearing titled “Next Steps: Examining Plans for the Continuation of the Department of Veterans Affairs Electronic Health Record Modernization Program.”

§  27 April

o   The United States (U.S.) Federal Trade Commission (FTC) and U.S. Department of Justice will hold a listening forumon firsthand effects of mergers and acquisitions: media and entertainment.

o   The United States (U.S.) House Appropriations Committee’s Homeland Security Subcommittee will hold a hearing titled “Fiscal Year 2023 Budget Request for the Department of Homeland Security.”

o   The United States (U.S.) House Appropriations Committee’s Defense Subcommittee will hold a closed hearing titled “National Security Agency and U.S. Cyber Command FY2023 Budget and Posture.”

o   The United States (U.S.) Senate Commerce, Science, and Transportation Committee will hold a hearing titled “Department of Commerce Fiscal Year 2023 Budget Priorities.”

§  28 April

o   The United Kingdom’s (UK) House of Lords Fraud Act 2006 and Digital Fraud Committee will hold a formal meeting (oral evidence session) regarding “what measures should be taken to tackle the increase in cases of fraud.”

o   The United States (U.S.) House Appropriations Committee’s Homeland Security Subcommittee will hold a hearing titled Fiscal Year 2023 Budget Request for the Cybersecurity and Infrastructure Security Agency.