Facebook Ireland Accused of Creating ‘Shadow Profiles’ On Users, Nonusers
Facebook Ireland is under fire for allegedly creating “shadow profiles” on users and nonusers alike.
The startling charges against the social-networking giant come from the Irish Data Protection Commissioner (IDC), which, Fox News reports today, is launching a “comprehensive” investigation against Facebook Ireland for extracting data from current users–without their consent or knowledge–and building “extensive profiles” on people who haven’t even signed on for the service.
Names, phone numbers, e-mail addresses, work information, and perhaps even more sensitive information such as sexual orientation, political affiliations, and religious beliefs are being collected and could possibly be misused, Irish authorities claim.
Interestingly, Facebook users living outside of the United States or Canada are contracted with Facebook Ireland. Facebook users living inside the United States and Canada are contracted with Facebook Inc., headquartered in California. Running afoul of privacy laws is much more likely for companies operating outside of the United States, especially in Europe, where privacy laws are much more stringent.
On August 18, the IDC received a formal complaint against Facebook Ireland made by Max Schrems, a 24-year-old Austrian law student. In June, after attending a talk by a Facebook executive at Santa Clara University in California, while on a study abroad program, Schrems apparently asked Facebook for his data. To his surprise, the company sent him a CD with 1,200 pages–three years’ worth–of highly personal “deleted” material ranging from friend requests to his history of “Pokes” to lists of people he had “defriended” to entire chat messages.
Schrems, in turn, filed 22 discrete complaints about Facebook to the IDC. That has led to an official “statutory” audit of Facebook Ireland that’s going to get underway next week and could possibly lead to “immediate charges” if Facebook is found to be in violation of data protection laws, a representative for IDC told Fox News. Facebook could also be fined up to $137,000 (U.S. dollars) according to the U.K.-based Guardian.
“I’m not saying there was anything criminal or forbidden there, but let’s just say that, as someone wanting to work in law, there was stuff which could make it pretty impossible for me to get a job,” Schrems was quoted as saying in The Guardian. “By holding on to data its users assumed was deleted, Facebook was acting like ‘the KGB or the CIA,’ said Schrems…. It’s frightening that all this data is being held by Facebook.”
In his “Shadow Profiles” complaint, Schrems explains how Facebook goes about eliciting data from users and nonusers:
“This is done by different functions that encourage users to hand personal data of other users and nonusers to Facebook Ireland (e.g., ‘synchronizing’ mobile phones, importing personal data from e-mail providers, importing personal information from instant-messaging services, sending invitations to friends, or saving search queries when users search for other people on facebook.com).”
“Even commercial users that have a ‘page’ on facebook.com have the option to import their customers’ e-mail-addresses to promote their page.”
“By gathering all this information, Facebook Ireland is creating extensive profiles of nonusers and it is also enriching existing user profiles. This is done in the background without notice to the data subject (‘shadow profiles’); the user or nonuser is experiencing only some of the result of these shadow profiles: there are ‘friend’ suggestions by Facebook Ireland based on the information, or nonusers get invitations showing many users that they actually know in real life.”
“This means that Facebook Ireland is gathering excessive amounts of information about data subjects without notice or consent by the data subject.”
Here is a link to europe v. facebook.org, ironically, a Facebook page devoted to Schrems’s attempt to challenge Facebook Ireland. As of this writing, it has only 600 fans.
“The allegations are false,” Andrew Noyes, Facebook’s manager of public policy in Washington, D.C., said in a statement replying to CNET’s request for comment. He elaborated on the company’s handling of deleted information, a key aspect of the data infractions cited in the complaint.
“We enable you to send e-mails to your friends, inviting them to join Facebook. We keep the invitees’ e-mail address and name to let you know when they join the service. This practice is common among almost all services that involve invitations–from document sharing to event planning–and the assertion that Facebook is doing some sort of nefarious profiling is simply wrong. In addition, Facebook offers more control than other services by enabling people to delete their e-mail address from Facebook or to opt-out of receiving invites.”
“Also, as part of offering people messaging services, we enable people to delete messages they receive from their inbox and messages they send from their sent folder. However, people can’t delete a message they send from the recipient’s inbox or a message you receive from the sender’s sent folder. This is the way every message service ever invented works. We think it’s also consistent with people’s expectations. We look forward to making these and other clarifications to the Irish DPA.”
Laura Locke is a senior writer for CNET covering social media, emerging trends and startups. Prior to joining CNET, she contributed extensively to TIME and TIME.com for much of the past decade.