How private is Meta’s Privacy Policy?

In today’s society, our information seems to be anywhere and everywhere. It’s no

surprise anymore that our phones are “listening to us;” it’s even become a running joke on
various social media. But what about our more personal information, like our names, contact
information, and payment details? How do these get shared to providers and services that we
don’t remember giving these details to?
Let’s look at one of the largest conglomerates: Meta, formerly known as Facebook. This
company has monopolized a portion of the internet, providing us with some of the most well-
known and utilized apps including Facebook, Messenger, and Instagram. I read through some of
the company’s privacy policy to pull out some of the critical details of what they collect from
users and non-users alike, how they use and share that information, and how long they retain it.
Please be advised that this article is not a complete rendition of the privacy policy for these
products. For that, please follow the link to be directed to the whole disclosure.
From what I gathered, the lengthy article is pretty circular, referring to itself and other
Meta policies outside of the link provided. Additionally, it’s vague in some areas that left me
questioning why details were missing or made confusing.
For instance, when we sign up for an account on one of Meta’s products, we provide
them details such as our names, birthdates, email addresses and/or phone numbers in order to
even access the platforms. Don’t have social media? Social media may still have you, because
Meta collects and retains this information from non-users, as well. If your friends or family
have accounts, and even one person imports their contact information from their device, then
Meta has access to the information your relation has saved about you. Once someone imports
their device contacts, Meta collects that information daily to stay updated.
Why would Meta even need this data from non-users? From what’s conveyed in the
policy, this is how the “People You May Know” function is able to operate. If a non-user ever
creates an account, their friends and family with existing accounts will populate so they can start
connecting. And if a person never creates an account, then it’s used to push content they may
like to see, or advertisers that also use Meta products to promote and sell their products. This is
partially how we get curated content on our devices.
While Meta never sells the information it collects, it does share certain information with
integrated partners and third-parties. Integrated partners, as defined by Meta, are “partners who
help you make a connection to them through our (Meta’s) Products.” Some of the examples
given are checkout experiences and instant games, though actual named examples of partners or
third-parties are never disclosed in Meta’s privacy policy. The only difference between an
integrated partner and a third-party, seemingly, is the third-party is not involved in Meta
Companies. If you’re like me, then you’re probably wondering to whom Meta is giving our
information for free. Maybe the answer is as simple as the companies we see advertised most as
we scroll down the internet highway, but without forthright details like names of partners and
businesses, it’s a guess at best.
 The last reason Meta provides for collecting and retaining details from users and non-
users is safety and security. If something malicious occurs and is facilitated by one of Meta’s
products, Meta has information that law enforcement may need. Including the previous details
listed, Meta can also turn over the content of messages sent between users, even if they’re
encrypted (Meta states that a report must be filed to access the content of encrypted messages,
but this still means that even encrypted data isn’t private); purchase history including card,
billing, and shipping information; and device information.
Yes, Meta knows if you’re an iPhone or Android user. They know if you’re using an
early model iPhone that can barely support the newest iOS update, or if you’re using the newest
Google Pixel 8 Pro for better photos and phone calls. And if you’re connected to a network, they
know the same information about other devices connected to that network. While this is
explained to be for experience enhancement, say to connect your phone to your TV to control a
video stream, it calls into question if this is another way they gather information about non-users
as easily as users.
This is also how Meta is able to track locations even when Location Services are
switched off. By tracking the IP addresses, locations can be as general as the area surrounding
the nearest cell tower to as specific as a home address. And since Meta is sharing this
information with partners and third-parties, what does that mean for an individual’s actual
safety? Yes, Meta shares device information along with “demographics and engagement
information” to its third-party affiliates, so stating here that “identifying information” such as
names and email addresses aren’t shared seems null and void when your device information can
lead to access to your identifying information.
So how can the private stay private? Meta does provide options to manage your
information and delete information through its privacy policy. The effectiveness of these
options, in my opinion, are questionable. Throughout the policy, Meta never discloses how long
they retain the information they collect because it all “depends on specific reason” according to
them. If I decide to delete my Facebook and Instagram accounts today, Meta will retain my
information for another six months before removing it completely from their systems, backups,
and disaster recovery systems. But even then, it’s not guaranteed to be gone, since Meta has
the right to keep information after receiving requests for removal for legal reasons. The
“applicable laws” that Meta refers to are not listed or named, just lumped under the umbrella
term. This means that users and non-users will have to consult their state laws for more
understanding if their requests for removal are denied.
As a reminder, this article is not a complete rendition of Meta’s privacy policy. Please
follow the link here to view the policy in its entirety. What can we do to change the trajectory of
our privacy? Does anything need to change, or has this become the norm as humans advance
technology and its capabilities?