In the wake of a tricky few months for Mr Z following ‘THAT’ scandal, Facebook announced its new Data Policy in April this year. Its intention is to be more transparent to Facebook users – so what does it say?


Who is Facebook?

Facebook is more than just Facebook. Facebook Inc. and Facebook Ireland Limited’s offer other products such as Instagram (including apps like Direct and Boomerang), Moments, Bonfire, Facebook, Mentions, AR Studio and Audience Network.

Facebook also owns a number of other companies such as Atlas, Oculus and Oculus Ireland Limited and WhatsApp Inc. and WhatsApp Ireland Limited that operate their own products.

How does Facebook collect my data?

Data is collected when you sign up for an account, create or share content, and message or communicate with others.

Your friends can also act as a conduit to your information being collected by Facebook. This can be done through your friends’ actions such as sharing, comment on a photo of you, send a message to you, even when you restrict certain data sharing on your own profile.

What is collected?

Facebook will collect information on people, pages you like, your account details, connections using hashtags and groups you are connected to, how you interact with people across all Facebook products.

When you give your Facebook profile information on your religious views, political views, who you are “interested in,” or your health, this is subject to special protections under EU law and so should, be better protected. Another special category of Data is the data collected by facial recognition technology which the Policy describes as a feature that you can ‘turn on’. Instagram does not yet use this technology.


You don’t need a Facebook account to be known by Facebook

Your friends can give your details to Facebook, even if you are not a user yourself. Data can be captured by Facebook through your friends through their uploading, syncing or importing your contact information.

Access doesn’t stop there.

Certain functions can ask to access your address books, call logs or SMS log history which is used to “suggest friends” and other functions.

Facebook may also look into the device itself to look at hardware/software features such battery level, signal strength and the apps you use. It may also monitor mouse movements and also the windows you have open at any one time. Facebook says that this is to ensure that you are not a robot.

Location is everything

The policy says that you can ‘turn on’ features such as GPS location, access to your camera and photos. But there is no mention of any control mechanism afforded to the user in relation to other data that may determine their location such as IP addresses, Bluetooth signals, Wi-Fi access points, beacons, or cell towers. Facebook uses data to target you for ad purposes.  The policy does however state that no personally identifying information (such as your name or email address) is shared with third parties unless you give permission.

What does Facebook do with your data?

The secret to Facebook’s success is that it knows you better than you know yourself. It’s personalised and all of the data collected contributes to this personalised service. If it weren’t relevant, people would likely lose interest.

We are also in an age of convenience, we want to save time. By allowing communications between the Facebook products/companies (and even third parties) we are offered convenience through features such as automatic registration (sites that allow us to register with it through Facebook).

Data is commonly shared between Facebook products/companies to build a picture of the person’s activities and profile. For example, we are all familiar with Facebook friends popping up as suggested friends on Instagram. The policy also says that where action needs to be taken for security purposes further to certain behaviours on one platform, they are able to reverberate the action against the user across all platforms if needed.

Data is also shared with law enforcement for the purpose of meeting their legal obligations. That also includes the laws of countries outside the UK.

Users are ‘Guinea Pigs’

Facebook and other research partners use your data to conduct research. Topics include general social welfare, technological advancement, public interest, health and well-being but the wording of the Policy is arguably wide and slightly vague. The policy makes no mention of being able to opt into the research and so it would appear that by using a Facebook product or a Facebook Company product means you accept your participation.

Data Retention

Apart from a couple of examples (search history logs and government-issued ID records), little mention is made in relation to retention periods – simply that retention will last for as long as  a purpose exists. Hitting delete will not mean you are immediately forgotten. The process of erasure takes 14 days to complete and even then Facebook states that data may remain on their servers.


Ultimately, whether you use a product is your choice but it is becoming more of a social norm to share your personal data.

Transparency by Facebook is a step in the right direction but ask yourself – would you have read the new Data Policy?

Users need to get out of the ‘auto-accept and continue’ mind-set. Today, take 10 minutes to familiarise yourself with your own account settings – you may surprise yourself with what you have ‘allowed’ to happen with your data.