In today’s society, our information seems to be anywhere and everywhere. It’s no
surprise anymore that our phones are “listening to us;” it’s even become a running joke on various social media. But what about our more personal information, like our names, contact information, and payment details? How do these get shared to providers and services that we don’t remember giving these details to? Let’s look at one of the largest conglomerates: Meta, formerly known as Facebook. This company has monopolized a portion of the internet, providing us with some of the most well- known and utilized apps including Facebook, Messenger, and Instagram. I read through some of the company’s privacy policy to pull out some of the critical details of what they collect from users and non-users alike, how they use and share that information, and how long they retain it. Please be advised that this article is not a complete rendition of the privacy policy for these products. For that, please follow the link to be directed to the whole disclosure. From what I gathered, the lengthy article is pretty circular, referring to itself and other Meta policies outside of the link provided. Additionally, it’s vague in some areas that left me questioning why details were missing or made confusing. For instance, when we sign up for an account on one of Meta’s products, we provide them details such as our names, birthdates, email addresses and/or phone numbers in order to even access the platforms. Don’t have social media? Social media may still have you, because Meta collects and retains this information from non-users, as well. If your friends or family have accounts, and even one person imports their contact information from their device, then Meta has access to the information your relation has saved about you. Once someone imports their device contacts, Meta collects that information daily to stay updated. Why would Meta even need this data from non-users? From what’s conveyed in the policy, this is how the “People You May Know” function is able to operate. If a non-user ever creates an account, their friends and family with existing accounts will populate so they can start connecting. And if a person never creates an account, then it’s used to push content they may like to see, or advertisers that also use Meta products to promote and sell their products. This is partially how we get curated content on our devices. While Meta never sells the information it collects, it does share certain information with integrated partners and third-parties. Integrated partners, as defined by Meta, are “partners who help you make a connection to them through our (Meta’s) Products.” Some of the examples given are checkout experiences and instant games, though actual named examples of partners or third-parties are never disclosed in Meta’s privacy policy. The only difference between an integrated partner and a third-party, seemingly, is the third-party is not involved in Meta Companies. If you’re like me, then you’re probably wondering to whom Meta is giving our information for free. Maybe the answer is as simple as the companies we see advertised most as we scroll down the internet highway, but without forthright details like names of partners and businesses, it’s a guess at best. The last reason Meta provides for collecting and retaining details from users and non- users is safety and security. If something malicious occurs and is facilitated by one of Meta’s products, Meta has information that law enforcement may need. Including the previous details listed, Meta can also turn over the content of messages sent between users, even if they’re encrypted (Meta states that a report must be filed to access the content of encrypted messages, but this still means that even encrypted data isn’t private); purchase history including card, billing, and shipping information; and device information. Yes, Meta knows if you’re an iPhone or Android user. They know if you’re using an early model iPhone that can barely support the newest iOS update, or if you’re using the newest Google Pixel 8 Pro for better photos and phone calls. And if you’re connected to a network, they know the same information about other devices connected to that network. While this is explained to be for experience enhancement, say to connect your phone to your TV to control a video stream, it calls into question if this is another way they gather information about non-users as easily as users. This is also how Meta is able to track locations even when Location Services are switched off. By tracking the IP addresses, locations can be as general as the area surrounding the nearest cell tower to as specific as a home address. And since Meta is sharing this information with partners and third-parties, what does that mean for an individual’s actual safety? Yes, Meta shares device information along with “demographics and engagement information” to its third-party affiliates, so stating here that “identifying information” such as names and email addresses aren’t shared seems null and void when your device information can lead to access to your identifying information. So how can the private stay private? Meta does provide options to manage your information and delete information through its privacy policy. The effectiveness of these options, in my opinion, are questionable. Throughout the policy, Meta never discloses how long they retain the information they collect because it all “depends on specific reason” according to them. If I decide to delete my Facebook and Instagram accounts today, Meta will retain my information for another six months before removing it completely from their systems, backups, and disaster recovery systems. But even then, it’s not guaranteed to be gone, since Meta has the right to keep information after receiving requests for removal for legal reasons. The “applicable laws” that Meta refers to are not listed or named, just lumped under the umbrella term. This means that users and non-users will have to consult their state laws for more understanding if their requests for removal are denied. As a reminder, this article is not a complete rendition of Meta’s privacy policy. Please follow the link here to view the policy in its entirety. What can we do to change the trajectory of our privacy? Does anything need to change, or has this become the norm as humans advance technology and its capabilities?