HAT: Called out by Facebook

The summon

It happened a few weeks ago. Out of the blue, I was pinged by the Facebook compliance team. Given that our platform enable HAT owners to claim their Facebook data, we knew, sooner or later, we will have to answer to the tech platforms out there, as they may see it as a loss of control, since data went from them to their users to be reused and reshared freely, without being answerable to them.

While HAT owners may not answerable to FB, WE (the HATDeX Platform) being the technological enabler, are of course answerable to FB. We know our model is unconventional, but our position has always been that this is good for all as HAT owners that claim their FB data would also want to generate data on FB, which is far better than #deletefacebook and FB is also seen doing the right thing in giving their users their data back. Still, enabling a mass reuse and re-share of FB data by their own users could be seen as a threat.

The right for HAT owners to claim their data is a fundamental right that the HATDeX platform upholds, through enabling a “data plug”, an “API-to-API” service pulling data from an Internet application (like FB), and pushing it into HATs, on the owner’s request. The platform has several data plugs, and awaiting FCA approval for banking data plugs as well. I was prepared to go to court on behalf of our HAT owners if they shut down the APIs.

We also knew we would be called out at some point but were surprised they called us out this soon. I would have thought they would have waited till our numbers hit a million or 2 before calling us out. And so it came. Crunch time, shall we say.

The Interview

Our first call lasted more than 2 hours, even though they said it would be just a “routine” call of half an hour. The questions were many.

“What are you using the APIs for” (to enable HAT owners to claim their FB data)

What do you mean when HAT owners take the data into the HATs it is no longer FB’s data? (This was a direct reference to my medium post – clear sign they’ve been reading). Answer: well, the data does go into HATs as subject access request, so it’s really like downloading their own data to their PC, except we enable them to do it in real time. And you really can’t stop users from using what is theirs.

How do HAT owners share the data? What do they share it for? How do you control that the sharing? Who controls it? What are the rules?

We briefed them on the platform guidelines across all applications and the fact that all applications have to be reviewed and rated at HATLAB sandbox before going live.

What applications are built on the HAT? Where in the legal documentation did you say that? How is it done technically? Does the HAT owner ALWAYS have to agree when data is shared?

(For the last one, duh, yeah – he actually licenses the data to the application and the platform just enable the contracts to be in place and move data as per instruction)

And on and on for 2 hours.

It was clearly a fact finding mission. They were polite but curious so after the call, we waited to hear what they would do. We sent them the legals, the collaterals, the tech documentation links.

A HAT with a URL thefacebook.hubofallthings.net was created a few weeks later. We could see from the logs that they had a 2 hour session on their HAT.

An email came to ask for a further meeting.

I was ready for a fight.

The verdict

Another one hour interview followed. This time they gave their verdict. We were almost compliant with their policy, they said, except one application on our platform that enabled a HAT owner to sell his/her data for cash. They explained patiently that after Cambridge Analytica, they are called to a higher standard and the fact that HAT owners could do that was unacceptable to them. They were very polite. Even apologetic. They wanted to work with us, they said, not shut us down or prohibit us from using their APIs. They didn’t want to get in the way of our “business model” (a nice way of not validating our model of data ownership but acknowledging it). They iterated that they will not put any restrictions on us that they do not put on themselves ie FB doesn’t “sell” their users data for cash now, and we shouldn’t enable HAT owners to do so either.

I was persuaded. Yes, the data does belong to the HAT owner and he should be free to use it any way he chooses including selling it but I can see why the technology that aids in that sale may be complicit. It’s like saying your body is yours and you should have the right to do with it how you please which means no one can stop you from selling your organs but the mall or the broker that facilitates the sale would be irresponsible and immoral. Applied to the selling of FB data, it has clearly been shown that such data could result in world changing events such as influencing elections etc. so facilitating an overt selling of the data would certainly border on irresponsibility and/or immorality.

The Facebook compliant team was very polite in iterating that they had no other issues with HAT owners reusing and re-sharing their data with all other applications in any way they see fit but they would not agree to the sale of the FB data for cash.

I pushed back a little, on behalf of academic researchers who could “buy” FB data to train algorithms but I didn’t put up much of a fight, as I empathised, and we found ourselves (surprisingly) agreeing with FB.

It will take us about a month to ensure that FB data cannot be sold for cash through the DataBuyer Engine (in live beta) or the DataTrader application (currently in sandbox), both services often used by academic researchers, but we are fine with that. It does mean that Facebook data plug becomes A*BC rated on the platform (see ratings) but I presume they are ok with that too ;)

I came off that experience feeling that perhaps FB did get our model after all. I mean, seriously, who are we. They are a large tech giant and we are just a small platform, albeit with a unique feature of data ownership. They are mighty and strong and could have just shut down our access to the APIs, as many of these tech titans do when they disagree with what you do. But for the fact that they didn’t, and went through the trouble of investigating, and were really genuinely polite in wanting to work with us, I can’t help but be impressed. Too often we have demonised FB for their indiscretions but for their treatment of HAT and the HATDeX Platform at least, I am content. As HATs begin scaling up this year, perhaps our partnership could actually be beneficial to all.


HAT personal data accounts power the next generation of applications as outsourced user accounts owned by users themselves. For more details, visit https://hatdex.org for the HATDeX Platform or learn about the HAT at https://www.hubofallthings.com