Privacy concerns with Facebook


Meta Platforms Inc., or Meta for short, has faced a number of privacy concerns. These stem partly from the company's revenue model, which involves selling information collected about its users for many purposes, including advertisement targeting. Meta Platforms Inc. has also been involved in many data breaches that have occurred within the company. These issues and others are described further below, including user data concerns, vulnerabilities in the company's platform, investigations by pressure groups and government agencies, and even issues with students. In addition, employers and other organizations and individuals have been known to use Meta Platforms Inc. for their own purposes. As a result, individuals' identities and private information have sometimes been compromised without their permission. In response to these growing privacy concerns, some pressure groups and government agencies have increasingly asserted users' right to privacy and to control their personal data.
In September 2024, the Federal Trade Commission released a report summarizing 9 company responses to orders made by the agency pursuant to Section 6 of the Federal Trade Commission Act of 1914 to provide information about user and non-user data collection and data use by the companies. The report found that the companies' user and non-user data practices left individuals vulnerable to identity theft, stalking, unlawful discrimination, emotional distress and mental health issues, social stigma, and reputational harm.

User data concerns

Widening exposure of member information 2011–2012

In 2010 the Electronic Frontier Foundation identified two personal information aggregation techniques called "connections" and "instant personalization". They demonstrated that anyone could get access to information saved to a Facebook profile, even if the information was not intended to be made public. A "connection" is created when a user clicks a "Like" button for a product or service, either on Facebook itself or an external site. Facebook treats such relationships as public information, and the user's identity may be displayed on the Facebook page of the product or service.
Instant personalization was a pilot program that shared Facebook account information with affiliated sites, such as sharing a user's list of "liked" bands with a music website, so that when the user visits the site, their preferred music plays automatically. The EFF noted that "For users that have not opted out, Instant Personalization is instant data leakage. As soon as you visit the sites in the pilot program the sites can access your name, your picture, your gender, your current location, your list of friends, all the Pages you have Liked—everything Facebook classifies as public information. Even if you opt-out of Instant Personalization, there's still data leakage if your friends use Instant Personalization websites—their activities can give away information about you, unless you block those applications individually."
On December 27, 2012 CBS News reported that Randi Zuckerberg, sister of Facebook founder Mark Zuckerberg, criticized a friend for being "way uncool" in sharing a private Facebook photo of her on Twitter, only to be told that the image had appeared on a friend-of-a-friend's Facebook news feed. Commenting on this misunderstanding of Facebook's privacy settings, Eva Galperin of the EFF said "Even Randi Zuckerberg can get it wrong. That's an illustration of how confusing they can be."

Issues during 2007

In August 2007 the code used to generate Facebook's home and search page as visitors browse the site was accidentally made public. A configuration problem on a Facebook server caused the PHP code to be displayed instead of the web page the code should have created, raising concerns about how secure private data on the site was. A visitor to the site copied, published and later removed the code from his web forum, claiming he had been served and threatened with legal notice by Facebook. Facebook's response was quoted by the site that broke the story:
In November Facebook launched Beacon, a system in which third-party websites could include a script by Facebook on their sites and use it to send information about the actions of Facebook users on their site to Facebook, prompting serious privacy concerns. Information such as purchases made and games played was published in the user's news feed. An informative notice about this action appeared on the third-party site and allowed the user to cancel it. The user could also cancel it on Facebook. Originally, if no action was taken, the information was automatically published. On November 29 this was changed to require confirmation from the user before publishing each story gathered by Beacon.
On December 1 Facebook's credibility in regard to the Beacon program was further tested when it was reported that The New York Times "essentially accuses" Mark Zuckerberg of lying to the paper and leaving Coca-Cola, which is reversing course on the program, with a similar impression. A security engineer at CA, Inc. also claimed in a November 29, 2007, blog post that Facebook collected data from affiliate sites even when the consumer opted out and even when not logged into the Facebook site. On November 30, 2007, the CA security blog posted a Facebook clarification statement addressing the use of data collected in the Beacon program:
The Beacon service ended in September 2009 along with the settlement of a class-action lawsuit against Facebook resulting from the service.

News feed and mini-feed

On September 5, 2006, Facebook introduced two new features called "News Feed" and "Mini-Feed". The first of the new features, News Feed, appears on every Facebook member's home page, displaying recent Facebook activities of the member's friends. The second feature, Mini-Feed, keeps a log of similar events on each member's profile page. Members can manually delete items from their Mini-Feeds if they wish to do so, and through privacy settings can control what is actually published in their respective Mini-Feeds.
Some Facebook members still feel that the ability to opt out of the entire News Feed and Mini-Feed system is necessary, as evidenced by a statement from the Students Against Facebook News Feed group, which peaked at over 740,000 members in 2006. Reacting to users' concerns, Facebook developed new privacy features to give users some control over information about them that was broadcast by the News Feed. According to subsequent news articles, members have widely regarded the additional privacy options as an acceptable compromise.
In May 2010 Facebook added privacy controls and streamlined its privacy settings, giving users more ways to manage status updates and other information broadcast to the public News Feed. Among the new privacy settings is the ability to control who sees each new status update a user posts: Everyone, Friends of Friends, or Friends Only. Users can now hide each status update from specific people as well. However, a user who presses "like" or comments on the photo or status update of a friend cannot prevent that action from appearing in the news feeds of all the user's friends, even non-mutual ones. The "View As" option, used to show a user how privacy controls filter out what a specific given friend can see, only displays the user's timeline and gives no indication that items missing from the timeline may still be showing up in the friend's own news feed.

Inability to voluntarily terminate accounts

Facebook had allowed users to deactivate their accounts but not actually remove account content from its servers. A Facebook representative explained to a student from the University of British Columbia that users had to clear their own accounts by manually deleting all of the content including wall posts, friends, and groups. The New York Times noted the issue and raised a concern that emails and other private user data remain indefinitely on Facebook's servers. Facebook subsequently began allowing users to permanently delete their accounts in 2010. Facebook's Privacy Policy now states, "When you delete an account, it is permanently deleted from Facebook."

Memorials

A notable ancillary effect of social-networking websites is the ability for participants to mourn publicly for a deceased individual. On Facebook, friends often leave messages of sadness, grief, or hope on the individual's page, transforming it into a public book of condolences. This particular phenomenon has been documented at a number of schools. Facebook originally held a policy that profiles of people known to be deceased would be removed after 30 days due to privacy concerns. Due to user response, Facebook changed its policy to place deceased members' profiles in a "memorialization state". Facebook's Privacy Policy regarding memorialization says, "If we are notified that a user is deceased, we may memorialize the user's account. In such cases we restrict profile access to confirmed friends and allow friends and family to write on the user's Wall in remembrance. We may close an account if we receive a formal request from the user's next of kin or other proper legal request to do so."
Some of these memorial groups have also caused legal issues. Notably, on January 1, 2008, one such memorial group posted the identity of murdered Toronto teenager Stefanie Rengel, whose family had not yet given the Toronto Police Service their consent to release her name to the media, and the identities of her accused killers, in defiance of Canada's Youth Criminal Justice Act, which prohibits publishing the names of the under-age accused. While police and Facebook staff attempted to comply with the privacy regulations by deleting such posts, they noted difficulty in effectively policing the individual users who repeatedly republished the deleted information.

Customization and security

In July 2007 Adrienne Felt, an undergraduate student at the University of Virginia, discovered a cross-site scripting hole in the Facebook Platform that could inject JavaScript into profiles. She used the hole to import custom CSS and demonstrate how the platform could be used to violate privacy rules or create a worm.