The Facebook Data Protection Racket

Robin Bloor
Published in PermissionIO
Apr 17, 2018
Cows Discuss Data Protection

Facebook is a milk-cow monopoly. Its business is advertising, and its customers pay considerable sums of money to present ads to Facebook’s product — the herds of milk-cows who regularly log in and graze on information left there by other milk-cows. It monopolizes the social network market, preventing competition by the sheer size of its two billion herd. In 2012, when it seemed possible that Instagram might challenge it, Facebook just bought Instagram along with its growing herd, which is now estimated to be 800 million strong.

Advertisers bitch about Facebook because it’s Hobson’s choice — right now they have to do business with it, and its monopoly is getting stronger. It has been growing at roughly between 40% and 55% per annum. Currently, it has annual revenues of $40 billion, which means it manages to milk roughly $20 per year from each of its milk-cows. The average cost per click on Facebook is $0.27, so the average milk-cow only views about one ad every five days. Nevertheless, that’s how fortunes are made.

But does Facebook treat its milk-cows humanely?

Facebook’s Record of Data Abuse

In 2012, the Federal Trade Commission (FTC) accused Facebook of deceiving consumers about data privacy. According to the FTC, Facebook told its users they could keep their data private and then, repeatedly, allowed their data to be made public and shared.

That’s the data protection racket in a nutshell: abuse personal data and tell lies.

Specifically, Facebook was accused of these things:

  • In December 2009, it changed its website so some information users might have designated as private, such as Friends Lists, was made public. Users were neither warned nor consulted.
  • It claimed that third-party Facebook apps that users installed would have access only to the data needed to operate. In fact, the apps could access almost all user data.
  • Facebook told users they could restrict sharing of their data to limited audiences (e.g., Friends Only). In reality, this did not prevent user data being purloined by third-party apps their friends used.
  • Facebook claimed that it certified the security of apps that participated in its “Verified Apps” program. It didn’t.
  • Facebook promised it would not share users’ personal information with advertisers. It did.
  • Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. Yet it still allowed access to that content for at least a month.
  • Facebook claimed that it complied with the Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.

Finding against Facebook, the FTC settled the case in the following way:

  1. It barred Facebook from making any further deceptive privacy claims.
  2. It required that Facebook get consumers’ approval before it made changes to the way it shared their data.
  3. It required that Facebook obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.

The settlement warned that any future violations might “result in a civil penalty of up to $16,000.”

No doubt Facebook executives strained to keep a straight face when they heard the humungous size of the possible financial penalty.

Let’s Fast Forward to May, 2014

That was when Global Science Research (GSR) built a quiz app which gathered data on about 270,000 users to gain access to the data of more than 50 million users. The app saved the data into a private database, in violation of Facebook’s terms of service, which expressly prohibited such activity and enforced this strict prohibition by, er, doing nothing whatsoever.

It has not been revealed how many such apps gathered and stored Facebook users’ personal data in the time before April 2015. Most likely there were quite a few. It wasn’t until April 2015 that Facebook began to prevent third-party apps from harvesting data from “friends permissions.” The prohibition didn’t take full effect until April 2016. Up to then, it was open season on your Facebook data.

Let’s Fast Forward Again, to April 2018

On April 4, 2018, Facebook revised the count of users affected by the GSR data harvest to 87 million, and later that day, Mark Zuckerberg confessed that up to two billion Facebook users (the whole damn herd) might have been affected by “malicious actors.”

In the wake of the scandal, in March, the FTC’s Bureau of Consumer Protection announced that it would open a non-public investigation into the privacy practices of Facebook. It’s very likely, in my opinion, that they will find Facebook culpable and, who knows, it’s even possible that Facebook will be fined $16,000.

It’s In Facebook’s DNA

Facebook’s only product is access to you and your data. Its business will disintegrate if it cannot throw ads at you. And yet in the past, it has exhibited no respect for you or your data rights. It’s not sustainable for three reasons.

  1. Firstly, the EU’s General Data Protection Regulations (GDPR — What Are Those Data Rights I keep Hearing About?) come into force in May 2018. If Facebook violates GDPR, it will rapidly go out of business. The fine for GDPR violation can be as much as 4% of annual revenue.
  2. Tellingly, in a recent interview with Reuters, CEO Mark Zuckerberg proclaimed that Facebook “Agreed in spirit” with GDPR. This might mean that Brother Mark has had a come-to-Jesus moment and decided to eschew the devil and all his algorithms. But I suspect not.
  3. Mark seems to believe that people outside the EU will be happy to be second class data citizens. They won’t. Especially not in America.

More to the point, Facebook’s monopoly is not bullet-proof. There are new blockchain startups — Permission.io, formerly Algebraix, is one — who are building their business on respect for data ownership and enabling people to earn from their data. For such a company, the network’s users are customers, not products. As such companies evolve, the Facebook milk-cows will drift away from the flailing factory farm to graze in richer meadows.

Robin Bloor, Ph.D., is the Technology Evangelist for Permission.io, author of The “Common Sense” of Crypto Currency, cofounder of The Bloor Group and webmaster of TheDataRightsofMan.com.

Robin Bloor
PermissionIO

is a technology analyst with a 30-year pedigree. He is also a frequent blogger, a published author and an advisor for Permission.io,