It’s 10PM, do you know where your Facebook [user] data is?
Over the past two weeks, Facebook has been hit with one blow after another, as its collection, storage and sharing of customer data have been scrutinized and publicized. Starting with the Cambridge Analytica scandal, it became apparent that Facebook failed to protect user data, enabling that data to be harvested and sold without consent. Facebook offers users privacy controls that are supposed to limit who has access to their data as well as what they can do with it. Interestingly, while Facebook mentions the data collected and shared within their privacy policy, what appears to be missing is how long they store information, or the controls in place to ensure data is secured and policies are enforced.
Facebook: What went wrong?
A psychology professor named Aleksandr Kogan was paid by Cambridge Analytica to create a personality app to aggregate data from Facebook users. Research performed by a separate researcher, Michal Kosinski, indicated that Facebook ‘likes’ reveal a great deal about a person. Cambridge Analytica was interested in harvesting this data and using it for personalized persuasive ads. The personality app required users to log in to Facebook to take a personality quiz. Once logged in, the app accessed all profile data, including what the person ‘liked.’ 270,000 users took the quiz. However, Facebook’s APIs allowed the app to collect information about each of those users’ friends, ultimately enabling the harvesting of data from about 50 million Facebook users.
But there’s more
When people downloaded their Facebook data and reviewed it, they noticed phone call and text message records were included in the data – recipients and initiators of calls and texts, timestamps, and length of phone calls. These calls weren’t made using Facebook or Messenger – they were made on the phone on which the messaging app or a lighter version of the main Facebook app was downloaded.
It turns out Facebook stores call and message metadata on some Android phones, that is, data about the calls and messages, without ever notifying the user. This includes who the call or message is exchanged with, the time calls are made or received or messages are sent or received, and the length of calls. While Facebook claims the app requests user consent to sharing address book and contacts, what is missing is clear, precise notification of the nature of the data and metadata collected, as well as consent from the person on the other side of the call or message.
Expectations of Privacy and Security: User Data
Apps should collect the minimum user data they need to perform and provide service to their customers, with full transparency to end users on what is collected, what it is used for, and how long it is stored for. KoolSpan outlines our privacy policy clearly. We only store the minimum user metadata required and purge it regularly and frequently. We clearly define what we do and do not do with customer data, and we never ever harvest, share or sell customer data. If customers prefer not to share any data with KoolSpan, they can host their own infrastructure on-premise and retain and secure their own data – never providing KoolSpan access.