Facebook has revealed the kind of data it is tracking and collecting from non-users, and those who are logged out from the social network. Last week, Facebook CEO Mark Zuckerberg testified in front of the US Congress, where one of the questions he faced was around this issue. Zuckerberg had revealed that Facebook does track such people, but said it was done for security reasons and to serve better ads. However, when asked by the House Committee on the exact data points that Facebook was keeping, Zuckerberg had not given a detailed response, and said he would follow up later.
Now, Facebook’s David Baser, who is Product Management Director, has written a detailed blogpost on the company’s official newsroom revealing all the details about the tracking of non-users and those who are logged out. Baser leads a team which is focused on privacy and data use and working on GDPR compliance. GDPR is EU’s new data privacy law for EU residents, and stands for General Data Protection Regulation.
Facebook has revealed that it collects data from other websites and apps, which are using the company’s services. This includes social plugins, which would be the Like and Share buttons. These have become common on most websites. Apps, website which use Facebook Login option are also included in this data sharing. Additionally sites or apps that rely on Facebook Analytics and Facebook Ad networks and measurement tools are also sending data back to the social network. So anytime a user visits a site which relies on any of these Facebook services, their information is collected.
The key point is that data is collected even if the user is not signed into Facebook or does not have a Facebook account. This sharing of data is not just limited to Facebook. Other players like Twitter, Pinterest and LinkedIn, Google, Amazon, etc also offer such features like Share buttons, logins, and again information is shared with them as well.
What data is Facebook collecting from non-users, logged out users?
When a user visits a website, the browser shares some information like the IP address. Other information like the browser being used, the operating system is also shared with the website. Most websites also rely on cookies to keep a track of user data. Cookies help identify which website a user has visited before. For example, if one visits Amazon and searches for a phone, then the next time, you open Amazon on the browser, it will show a page about that phone again. This is due to the cookies, which store some of this information, including browsing history.
As Facebook explains, they get access to all this information from a site or app using their services. So you might not have a Facebook account, but information around browser, IP address will be shared to the network, thanks to all the sites and apps which are using its services. The company also knows which website or app one is using on the browser. Facebook says this information is necessary “to know when to provide our tools”.
So what happens to the data Facebook is getting from third-party websites, apps?
One thing to note that is Facebook insists it is not selling user data to advertisers. But Facebook uses this data information in three ways. One is providing its services to these sites or apps, second is to improve safety and security on Facebook, and third is to improve its own products and services. The post goes into detail on explaining how the data is used in each case.
For instance, with social plugins and Facebook logins, it is collecting IP address, browser and operating system information along with address of the website and app. Facebook says cookies and device identifiers also help the network is figuring out if the user is logged in, and make it easier to share the content on Facebook.
Meanwhile, Facebook Analytics gives websites and apps data about how they are used, including countries where users are accessing the app via the IP addresses. Again the browser and operating system information will be shared with developers. The post adds that,“cookies also help us recognise which visitors are Facebook users so we can provide aggregated demographic information, like age and gender, about the people using the app.”
Those services which are using the Facebook Audience Network will help websites and apps to show ads from Facebook advertisers. Again to execute such ad requests, Facebook relies on cookies, device identifies to know if the user is a Facebook customer and if they are not, they could see an ad asking them to signup for the social network. Those who are Facebook users will get ads from the same advertisers, who target them on the social network, served on these third-party apps and websites. Facebook also gives advertisers stats about how many people are responding to their ads, but the company says it does not share personal information while doing this.
On the security front, Facebook claims it uses information received from websites and apps to help protect a user’s account. For instance, if someone tries to login from a different country with a new IP address, Facebook could ask them to verify their identity. Finally, all this data is used to improve ads on the social network. Users must have noticed that if they browse for one particular thing on a third-party site on their browser, there is a possibility that Facebook will also show ads for this. For example, if you are hunting for furniture from various sites, there’s a chance that ads for this will appear in your News Feed. This is due to the information sharing via cookies, etc.
The social network says it has options to ensure that users’ privacy and data is not compromised. Facebook will let users opt out of these types of ads entirely, which would ensure that data is not collected when a user is logged out of the network. Finally, if a user does not want the network to use their Facebook interests to serve them ads on other websites and apps, then that too can be controlled from the privacy setting.