It should have been an easy question to answer.
It came from Florida Rep. Kathy Castor during the House’s questioning of Facebook CEO Mark Zuckerberg last week, when she asked:
You are collecting personal data on people who are not Facebook users. Yes or no?
There was no yes or no to be had, so she tried again:
You watch where we go. Isn’t that correct?
Everyone has control over how that works.
She wasn’t the only member of the House Energy and Commerce Committee to press the CEO about how much information it collects about both users and non-users. As Castor put it, “It’s practically impossible these days to remain untracked in America,” and it’s led to a “devil’s bargain” in which people are “spied on” and tracked even after they leave the platform.
On Monday, Facebook finally coughed up the answer. It’s no shocker: the answer is yes.
Yes, Facebook tracks both users and non-users across websites and apps, according to a post written by David Baser, Product Management Director.
It does so for three main reasons, he said:
- To provide its services to the sites or apps;
- To improve safety and security on Facebook; and
- To enhance its own products and services.
From the post:
When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook.
Facebook is far from the only online service to do this. Twitter, Pinterest and LinkedIn have similar Like and Share buttons, Google has a popular analytics service, and Amazon, Google and Twitter all offer login features, Baser said.
In fact, most websites and apps send the same information to multiple companies each time you visit them.
Baser emphasized that “We don’t sell people’s data. Period.” And, just as Zuckerberg repeatedly told Senators and Representatives last week, Baser said that Facebook is focused on putting users in control of their data and that the company is trying to be more transparent about the data it collects and how that data is used.
Whether it’s information from apps and websites, or information you share with other people on Facebook, we want to put you in control – and be transparent about what information Facebook has and how it is used. We’ll keep working to make that easier.
That transparency doesn’t extend to letting non-users get at the data Facebook collects about them, however.
On Wednesday, Zuckerberg responded to questions from Rep. Ben Luján by explaining that Facebook collects “data of people who have not signed up for Facebook” for “security purposes,” explaining how it helps to prevent scraping:
…in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to … we need to know when someone is repeatedly trying to access our services
The CEO didn’t explain what, if anything, else Facebook might doing with the data it gathers on non-members.
Lawmakers and privacy advocates immediately responded, with many saying that Facebook needed to develop a way for non-users to find out what the company knows about them.
On Friday, Facebook said it had no plans to build such a tool, according to Reuters.
In his post on Monday, Baser added a bit of detail around the security purposes behind its collection of non-users’ data:
If someone tries to log into your account using an IP address from a different country, we might ask some questions to verify it’s you. Or if a browser has visited hundreds of sites in the last five minutes, that’s a sign the device might be a bot.
Baser explained that one of the services Facebook provides to websites and apps is Audience Network: a service that lets advertisers create ads on Facebook that show up elsewhere in cyberspace. Advertisers can also target non-users with a tiny but powerful snippet of code known as the Facebook Pixel: a web targeting system embedded on many third-party sites. Facebook has lauded it as a clever way to serve targeted ads to people, including non-members.
Conspicuous by its absence from the blog post was any mention of shadow profiles: profiles of people who’ve never signed up for Facebook.
European countries have been battling with Facebook over shadow profiles for years. In 2011, a Irish privacy group sent a complaint about shadow profiling – collecting data including but not limited to email addresses, names, telephone numbers, addresses and work information – from non-members.
More recently, in the latest installment in a long-running privacy case, a Belgian court ordered Facebook to stop profiling non-members in the country or face a daily fine.
But what, exactly, can non-users do about this tracking?
Facebook sent this statement to Reuters:
This kind of data collection is fundamental to how the internet works.
There are basic things you can do to limit the use of this information for advertising, like using browser or device settings to delete cookies. This would apply to other services beyond Facebook because, as mentioned, it is standard to how the internet works.