Back in early April, Mark Zuckerberg testified in front of Congress about the Cambridge Analytica incident, explaining to a panel of legislators exactly what happens to user data and how Facebook tracking works. Later, the company was accused of tracking even those Internet users without Facebook profiles.
In them, the social media giant explained more about how ad targeting works, how Cambridge Analytica was handled and what Facebook policies are in place when it comes to protecting user data. However, the most important question and the one Zuckerberg was most evasive about in his testimonies is “Does Facebook have shadow profiles?”
Facebook was accused time and time again about keeping so-called “shadow profiles”, which meant the company was tracking even those Internet users without a Facebook profile. Now, we have a full, official statement saying that Facebook shadow profiles are not a thing:
“When the person visiting a website featuring Facebook’s tools is not a registered Facebook user, Facebook does not have information identifying that individual, and it does not create profiles for that individual.
We use the browser and app logs that apps and websites send to us—described above—in the following ways for non-Facebook users. First, these logs are critical to protecting the security of Facebook and to detecting or preventing fake account access. For example, if a browser has visited hundreds of sites in the last five minutes, that’s a sign the device might be a bot, which would be an important signal of a potentially inauthentic account if that browser then attempted to register for an account.
Second, we aggregate those logs to provide summaries and insights to websites and apps about how many people visit or use their product, or use specific features like our Like button—but without providing any information about a specific person. We do not create profiles for non-Facebook users, nor do we use browser and app logs for non-Facebook users to show targeted ads from our advertisers to them or otherwise seek to personalize the content they see. However, we may take the opportunity to show a general ad that is unrelated to the attributes of the person or an ad encouraging the non-user to sign up for Facebook.
When the individual is a Facebook user, we are also able to use this information to personalize their experiences on Facebook, whether or not they are logged out, but we will not target ads to users relying on this information unless the user allows this in their privacy settings. We do not sell or share this information with third-parties.”
With the General Data Protection Regulation in place, it seems that Facebook is now forced to adopt a more transparent policy, else it risks serious consequences, not just the inconvenience of providing testimonies. The company was already sued for $8.8 billion for privacy infringements in Europe.