This morning, Vice published an article based on a leaked 2021 Meta/Facebook document written by Facebook engineers who conceded that the company cannot trace and account for all the user data it has and has shared with third parties. If this is still true, and Meta/Facebook claims this is not, the company could be in violation of the European Union’s General Data Protection Regulation (GDPR) and its 2019 consent order with the United States (U.S.) Federal Trade Commission, to name just two jurisdictions in which they might face legal jeopardy. Moreover, even if this does not serve as the basis for regulatory action, it provides further fuel for the “Big Tech” fire.
However, the company denies that the document is representative of its data practices. A Meta spokesperson disputed the article’s claims in a statement:
Considering this document does not describe our extensive processes and controls to comply with privacy regulations, it's simply inaccurate to conclude that it demonstrates non-compliance. New privacy regulations across the globe introduce different requirements and this document reflects the technical solutions we are building to scale the current measures we have in place to manage data and meet our obligations
Certainly Meta is concerned that this document along with other evidence might prove tempting to regulators. The company then proceeds with a non-sequitur on how it is proceeding to comply with the proliferating data privacy standards around the world. This is seemingly not relevant to the claims in the document.