Facebook has failed to safeguard users’ personal data to the point where the company doesn’t know what happens to it or where it ends up, the firm’s software engineers have warned.
The news site Motherboard obtained leaked documents indicating that senior software engineers warned the company was unprepared for a “tsunami” of privacy regulations by governments dealing with how it handles user data.
“We’ve built systems with open borders,” one document, which was written last year by engineers who specialize in privacy, read.
“The result of these open systems and open culture is well described with an analogy: Imagine you hold a bottle of ink in your hand. This bottle of ink is a mixture of all kinds of user data…You pour that ink into a lake of water…and it flows … everywhere.”
“How do you put that ink back in the bottle? How do you organize it again, such that it only flows to the allowed places in the lake?”
A spokesperson for Facebook’s parent company, Meta Platforms Inc., told the Post that the Motherboard story was “not accurate.”
“Considering this document does not describe our extensive processes and controls to comply with privacy regulations, it’s simply inaccurate to conclude that it demonstrates non-compliance,” the company said in a statement.
“New privacy regulations across the globe introduce different requirements and this document reflects the technical solutions we’re building to scale the current measures we have in place to manage data and meet our obligations.”
A company spokesperson also blasted the “lake analogy” as lacking merit.
“This analogy lacks the context that we do, in fact, have extensive processes and controls to manage data and comply with privacy regulations,” according to the spokesperson.
One of the authors of the document cited by Motherboard wrote: “We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose’.”
“And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.”
Facebook’s business model is predicated on monetizing user data by selling that information to advertisers, who can tailor their pitches to specific people based on their online preferences.
The European Union is working on a comprehensive overhaul of its privacy regulations that would crack down on targeted ads.
The Digital Services Act has won support among a majority of European Parliament members who want to ban large tech companies like Facebook and Google from using sensitive personal data to place targeted ads.
The data includes things like a person’s location, religious affiliation, sexual orientation, and other metrics.
Meta has had to contain fallout from several public relations crises.
Last year, whistleblower Frances Haugen leaked thousands of documents showing internal research at the company that highlights everything from the apps’ impact on kids to those with eating disorders.