Zuckerberg At It Again
Back in 2019 the Wall Street Journal published an article alleging that Facebook was secretly gathering your personal sensitive information from from other app developers. They reported that the company had been receiving sensitive personal user data from at least 11 popular mobile apps. The information they were getting included blood pressure readings, menstrual cycles, heart rates, even pregnancy statuses. That's wrong for so many different reasons.
The apps include Disconnect Inc, Flo Period & Ovulation Tracker, HR Monitor (most popular heart-rate app), Realtor.com, BetterMe: Weight Loss Workouts, Azumio, and Breethe Inc.
The technical details behind exactly how it all works is way beyond my understanding, so I'll let WSJ explain:
Apps often integrate code known as software-development kits, or SDKs, that help developers integrate certain features or functions. Any information shared with an app may also be shared with the maker of the embedded SDK. There are an array of SDKs, including Facebook’s, that allow apps to better understand their users’ behavior or to collect data to sell targeted advertising.
So it looks like Facebook didn't set out on an evil quest to purposefully steal your sensitive data...they've just been receiving the data from third party app developers accidentally. But they made no effort to stop it, and they even went as far as matching this dubiously obtained sensitive data to the user's social media accounts so that they can develop targeted ads. How fucked up is that?
The New York State Department of Financial Services released their Report on Investigation of Facebook Inc. Data Privacy Concerns yesterday. It didn't really tell us a whole lot other than Facebook fucked up, and they say they're trying. Here are some key takeaways:
Facebook has repeatedly inicated its willingness to cooperate fully with the Department so that DFS could conduct its investigation. Facebook's record on living up to that commitment, unfortunately, has been mixed.
NYSDFS Report (page 7)
You will not share Customer Data with us that you know or reasonably should know is from or about children under the age of 13 or that includes health, financial information, or other categories of sensitive information (including any information defined as sensitive under applicable law).
Facebook's business tools term
The information provided by Facebook has made it clear that Facebook's internal controls on this issue have been very limited and were not effective an enforcing Facebook's policy or preventing the receipt of sensitive data.
NYSDFS Report (page 7)
In conclusion: Facebook gets your sensitive data in a shady way, breaking their own policies. Uses that data to develop ads targeted specifically at you. And then have the BALLS to pretend like they are making an effort to block that kind of data from being shared with them. They're one of the biggest tech companies on the planet, you mean to tell me you don't have the capabilities to ensure that the sensitive data of your customers, like pregnancy statuses, are secure? Get out of my face, Zuck.