Meta’s Data Privacy Problems: A Cautionary Tale


Even Facebook doesn’t know where user data goes.

A recently leaked internal report from Facebook, Meta’s flagship service, shows the social media giant’s own data engineers can’t say with any real certainty where their users’ data is stored.

If you’ll stand for a bit of editorializing, it’s ironic that the company known for data privacy scandals and selling personal information is now itself the victim of an internal data leak. However, Motherboard’s recent revelations that even Facebook’s own privacy engineers don’t know how private data is used or where it goes aren’t just a source of schadenfreude for some; they serve as a cautionary tale to businesses and organizations of all sizes about the difficulties and costs of not handling data properly.

First, Some Context

To sum this debacle up, back in 2021 Facebook’s data privacy engineers put together a document detailing gaps in the company’s knowledge of how its users’ data is being used and stored, and the picture they painted wasn’t pretty. According to the report, there are huge gaps in Facebook’s “data lineage,” an internal term used to describe where data comes from and where it winds up going. In simple terms, even though they have an enormous amount of information about their users, they can’t reliably say how they got it, where it goes, or how it’s used. The report uses an ink and water analogy to get its point across. Think of your data as ink and Meta’s data warehouse network as a lake; when you pour the ink into the lake, it spreads out and winds up everywhere. Similarly, when Meta learns something about you, that ink blot of data spreads out across their network. It’s an excellent way of visualizing the situation as long as you don’t confuse their lake analogy for real data lakes, which are actually a valid form of data architecture.

There’s an international angle to all of this as well; Facebook’s laissez-faire attitude towards personal information is poised to run afoul of new privacy legislation the world over. Indeed, it’s the headline-worthy, attention-grabbing quote “tsunami of privacy regulations” that articles about the topic are focused on. As existing legislation evolves and new legislation is written, it’s clear that Facebook is embarrassingly unprepared for the consequences of its own bad behaviour. Indeed, one has to wonder if these troublesome new regulations would even be a problem had Facebook committed to a clear, focused, and robust data management strategy that protected users’ privacy from the outset.

What does it mean for you?

Before we get started, let’s be clear: enjoying Facebook isn’t inherently bad and we’re not here to shame anyone other than the Meta IT executives that allowed this situation to develop, so keep on clicking those “like” buttons, and we’d be delighted if you follow us there or, even better, on LinkedIn. That doesn’t mean there aren’t a few things to learn from it though.

First and perhaps most obvious, this story highlights the importance of compliance and the need to be sure you’re abiding by the rules anywhere you operate. Few businesses gather and store as much personal information as Facebook, and although part of Meta’s problem is the sheer volume of data they collect, as far as regulators are concerned, it’s not the size that matters but rather how you use it that counts. For example, the EU’s General Data Protection Regulation (GDPR) doesn’t care how many email addresses you store, but that they’re not being repurposed; don’t go into your maintenance contact list and start sending promotional materials.

Data privacy is all about trust

Secondly, while a business as large and sprawling as Meta likely tends to its own IT needs, most SMBs simply lack the same resources. Instead, they rely on Managed Service Providers (MSPs) like TRINUS to configure and maintain much of their IT infrastructure and security. But when you do that, you give away a frightening amount of power over your digital resources to a third party. If you’re going to give an outside organization that much influence over your business operations, you need to know that they’re competent, knowledgeable, and trustworthy.

It’s not just about compliance and operational regulations though. Your clients need to be able to trust that you’re not going to lose or misuse their information as well. People love to hate the big guy, but it’s not their success that made Facebook the face of big tech’s privacy problems; it’s their long history of past breaches and casual disregard for the damages done by data misuse that has made the world more wary and weary of social media. Does your business have the clout to be able to survive your clients learning you’ve abused their private data for financial or material gain? Wouldn’t it be better to never have to answer that question to begin with?

A related reminder

The internet is a wonderful yet dangerous (wonderfully dangerous?) place, and while Meta’s woes with wrangling user data back under their control serve as an excellent example for SMBs about how not to handle their data warehousing or compliance issues, they should also serve as a reminder to the rest of us about data privacy best practices both in our working lives as employees and in our personal lives. Many of the digital tracking tools used by marketers and ad firms go far deeper and know much more about us than we’d like. Third-party cookies, for example, seem to be on virtually every website, and yet are square in the sights of privacy advocates and regulators for being too invasive. That’s one of the reasons Safari and Firefox have already started blocking some, and Google has plans for its browser, Chrome, to start blocking them in 2023. It’s also another reason why, unless it’s a site you regularly visit, you might want to consider actually managing your cookies instead of just clicking “Accept All.”

It’s not just cookies either though. All those memes asking about pets’ names and friends’ birth months? Those are likely phishing scams. Admittedly, this is less about SMB responsibilities or Facebook’s data mismanagement than it is about safer browsing practices, but it illustrates the same important point. Protecting privacy isn’t a task to accomplish or a process you commit to; it’s a state-of-mind that should inform all of your online interactions, always.

If you have questions about private data best practices, or if you’d like more information about TRINUS’s secure Cloud Storage services and security standards, contact one of our IT experts for some stress-free IT today.




