Amidst the various questions put to Facebook CEO Mark Zuckerberg during his Congressional testimony last week, Zuckerberg’s response to one query, in particular, stood out.
Answering a question from Representative Ben Lujan, Zuckerberg noted that Facebook does, in fact, track the data of people who haven't signed up for Facebook. Zuckerberg said that they do so “for security purposes”.
That seems like a pretty significant breach of privacy, right? Tracking people’s data with their consent is one thing, but keeping tabs on those who’ve not even agreed to Facebook’s complex terms and conditions is something else, and something that requires further investigation.
To clarify this – and ideally avoid that further action – The Social Network has released a follow-up explainer post on the how and why of its data tracking in order to quell questions around its collection practices.
Entitled “What Data Does Facebook Collect When I’m Not Using Facebook, and Why?”, the post, by Facebook product management director David Baser, further explains the logic behind Facebook’s data collection practices, particularly for those people who are not actively on the platform.
First, Baser explains what data Facebook collects from other sites:
Many websites and apps use Facebook services to make their content and ads more engaging and relevant.
These services include:
- Social plugins, such as our Like and Share buttons, which make other sites more social and help you share content on Facebook
- Facebook Login, which lets you use your Facebook account to log into another website or app
- Facebook Analytics, which helps websites and apps better understand how people use their services
- Facebook ads and measurement tools, which enable websites and apps to show ads from Facebook advertisers, to run their own ads on Facebook or elsewhere, and to understand the effectiveness of their ads.
Baser explains that through these various methods, Facebook collects data on users even if they don’t have a Facebook account.
“This is because other apps and sites don’t know who is using Facebook.”
To further explain how Facebook collects data from non-Facebook users, Baser provides this example:
“When you visit a website, your browser sends a request to the site’s server. The browser shares your IP address so the website knows where on the internet to send the site content. The website also gets information about the browser and operating system you’re using, because not all browsers and devices support the same features. It also gets cookies, which are identifiers that websites use to know if you’ve visited before. This can help with things like saving items in your shopping cart.
A website typically sends two things back to your browser: first, content from that site; and second, instructions for the browser to send your request to the other companies providing content or services on the site. So when a website uses one of our services, your browser sends the same kinds of information to Facebook as the website receives. We also get information about which website or app you’re using, which is necessary to know when to provide our tools.”
Baser’s explanation seeks to frame this type of data collection as not only nothing nefarious, but also a process in common use:
“This happens for any other service the site is using. For example, when you see a YouTube video on a site that’s not YouTube, it tells your browser to request the video from YouTube. YouTube then sends it to you.”
In other words, everyone’s doing this, so it’s not fair to single out Facebook – and Facebook can’t really do a lot with that data from non-users as it has nothing to cross-match it against.
That explanation makes sense, but Facebook does have - and has used - more in-depth targeting measures to better link offline and non-users’ data. For example, Facebook’s Pixel can track purchases, while cross-matching Facebook data with third-party providers can directly link on and offline behaviors, something Facebook has been pushing for some time.
Indeed, Facebook’s tried in-store beacons and has advanced its Conversion Lift metrics, which help connect point of sale data with Facebook activity by prompting businesses to upload their own insights. That, inadvertently, gives Facebook access to a broader set of non-user data – again, Facebook can’t necessarily do a lot with it, as they don’t have a Facebook profile to connect the information to. But they do have it, and unless they significantly change their processes, there’s not a lot they can do to avoid such.
So is that a concern? It depends – Facebook could still use that data for advanced modeling, building broader trend patterns and insights based on both users and non-users which could help provide insights. That would mean that the data of non-users, while remaining anonymous, could be used by Facebook in their process, which may not necessarily be a direct invasion of privacy, but it’s still using people’s data without consent.
But as noted by Facebook, every online business is doing this, and it again comes back to the question of convenience and benefit versus privacy. As technology advances, our lives become more and more connected, which makes things easier and more efficient. But the cost of that efficiency is data, and giving up a level of personal insight in order to benefit.
The question is, where does that balance weigh to heavily to one side – and has Facebook already reached that key tipping point?