While researching this full page news-feature for The Sunday Times, I spoke to the Austrian privacy campaigner Max Schrems, of the group Europe v Facebook.
He told me that he first became interested in Facebook’s policies when he realised the extent to which the social media giant’s tactics appeared to conflict with European privacy laws.
To demonstrate the huge amount of information held for each user, he requested a copy of all of his private data held by the company under data protection laws. Printed out, it formed 1,222 sides of A4 paper – and much of the data held he thought he had deleted. It wasn’t deleted, it was only hidden from view.
Check out his campaign: http://www.europe-v-facebook.org.
Full text on the Sunday Times website here, or after the fold.
Not on Facebook? It still has a fix on you
The social-networking site accumulates information about non-members without their knowledge or consent and tracks users’ online browsing habits
When James Hay was invited to join Facebook by an old university acquaintance on Friday, he began tapping in his registration details with a hint of trepidation.
Having ignored the social networking behemoth for several years, Hay, 27, figured he would be a “Billy no-mates” and it would take him months to build up a collection of online friends.
Yet within seconds of keying in his email address Hay, who works for a television production company in London, was surprised to be sent a list of 45 people he might know.
“It felt as if Facebook already knew a whole load of stuff about me before I had even signed up,” he said. “It was spooky.”
It transpires that the company, which boasts 800m users worldwide, has been accumulating information about people who have not even joined the site — and without their knowledge or consent.
Many who are invited to sign up receive a list of suggested friends before they even hand over any personal details.
These so-called “shadow profiles” are mainly the result of two key actions by Facebook. The site stores names that are searched for by existing users. If someone is not already on Facebook, they could be alerted to who was looking for them when they do eventually sign up.
The company also encourages users to synchronise the contacts in their email address books with their Facebook account. This instantly gives the company access to that user’s full list of real-life friends and acquaintances.
The acquisition of such information about non-users is now being investigated by Ireland’s Data Protection Commissioner (IDPC) as part of a series of complaints about Facebook’s practices that challenge whether it has breached European privacy laws.
The amount of data the company holds relating to actual users — 29m of whom are in Britain — can stretch to hundreds of pages.
Facebook retains every IP address from which a user logs on to the site, helping the company to identify home and work computers for each user.
It also stores indefinitely messages that have been deleted, friend requests that have been rejected and contacts who have been “defriended”. Invitations to events that have gone unanswered — let alone attended — are also retained.
Metadata from uploaded photographs provide Facebook with an exact time, date and latitude and longitude from when they were taken. Even deleted photo “tags” — identifying those pictured — are kept.
When Max Schrems, 24, an Austrian law student, persuaded Facebook to release the information it had stored on him over three years, he was handed 1,222 pages of data on a CD. Much of the information had been retained even though he had deleted it from his online profile.
“If the post office opened, scanned and analysed every letter that came through and never deleted it, everyone would freak out,” said Schrems. “That’s exactly what Facebook is doing with our messages. It is collecting masses of data in the background and can even get information on non-users from their friends’ profiles.
Schrems has set up an online campaign group called Europe v Facebook which has lodged 22 separate complaints with the IDPC. Ireland is where Facebook has chosen to base its European headquarters, partly because of the country’s favourable tax rates.
Concerns have also been raised over Facebook’s use of facial recognition technology, which can automatically identify people in uploaded photographs — regardless of whether they wish to remain anonymous.
Recently it emerged that Facebook, founded by Mark Zuckerberg and his classmates at Harvard University in 2004, has been receiving information about users’ online activities even when they have logged out of their accounts.
This is because Facebook automatically puts files known as “cookies” on your computer to track your browsing habits. For sites that connect to Facebook — for example, through a “like” button — information from the cookies is sent back to the company. However, it claims that it does not log such information and uses it only for security purposes.
The company insists that it operates within Irish and European Union data protection law and does not pass on information to advertisers.
A spokeswoman said non-users could go to the Facebook site to request the deletion of any information about them that the company might hold.
“We do not create profiles of those who have not yet chosen to use Facebook,” she said.
“We are committed to being transparent about the data we hold and all Facebook users have the ability to download their data.”
Critics regard such developments as sinister and intrusive and a further example of a growing “surveillance society”.
Google, the internet giant, was forced to apologise when it emerged that vehicles used to compile information for its Street View service had inadvertently collected householders’ private data via wi-fi.
Last week a report by Justice, the civil liberties group, revealed that 3m snooping operations had been carried out in the past decade under the Regulation of Investigatory Powers Act. It claimed mass surveillance was now “routine”.
Many of the missions were carried out by councils and used to target people who drop litter or fail to recycle properly, as well as a couple who were wrongly suspected of cheating school catchment area rules.
“It’s a common misconception that excessive surveillance is the sole preserve of non-democratic regimes,” said Emma Draper of Privacy International. “There is plenty to be deeply concerned about here in Britain.”
Additional reporting: Peter Newlands, Ellie Prowse