Revelations about the chaotic situation with user data management in Meta, Facebook’s parent company, have sparked concerns in Europe.
A letter sent by the ICCL (Irish Council for Civil Liberties) to the EU Commission warns that Meta’s practices concerning user data cannot be compatible with data protection laws applicable in the EU, including the GDPR and DMA.
ICCL examined thousands of pages in unsealed court documents from ongoing data privacy litigations in the United States, which reflect that Meta doesn’t even know what exactly happens with the data it collects.
Characteristically, when Meta was ordered to produce information about how the 149 distinct but interconnected data systems it uses operate exactly, it declared its inability to give a satisfactory answer.
This came after a full year of Meta’s internal investigation of these systems, failing to clarify the type of data collected by its various business units, how it is processed, and for what purpose.
At some point, Meta confirmed that at least 55 of these data systems might contain sensitive user data. However, the data management network is so fragmented and simultaneously convoluted that even the engineers working on it have limited visibility of what is happening.
In March 2022, a Meta engineer stated that even engineers directly involved may not be able to understand what is happening to the data because “it is impossible for humans to understand.”
Meta has previously attempted to itemize its data uses and categorize all processing for tighter control, but it has failed