Facebook: Where “Delete” is a Dirty Word

It only takes a moment’s thought to realize Facebook stores a fair amount of personal data about its users. But one man has made a formal complaint after discovering the site had kept more than a thousand pages of information about him, even though he’d “deleted” most of it.

Austrian Max Schrems has complained to the data protection commissioner in the Republic of Ireland: that’s because Facebook’s European operations are based in the country. The commissioner’s office is now investigating 22 separate allegations by Schrems that the data file breached regulations. If the case leads to criminal action, it could mean a maximum fine of €100,000 (around US$139,000.)

Schrems made the discovery after an exchange trip to California where he heard a Facebook executive give a lecture. That sparked him to exercise his rights under European regulations to get a copy of all data stored about him by a company operating on the continent. Facebook mailed him a CD containing the data, which Schrems has now published online, with personal details blanked out.

While Schrems believes the details he was given are not the complete set of data, the amount of information is staggering. It falls into 57 categories and, to put it simply, it’s safest to assume that everything you’ve ever typed, clicked or viewed has been recorded forever, even when you’ve specifically deleted it.

But even with that philosophy in mind, there are still some details you might not expect to be listed:

  • e-mail addresses linked to you, even if you’ve never submitted them and instead another users has imported it from their own address book;
  • details of every event you’ve been invited to, even if you declined the invitation or simply didn’t respond;
  • every friend request you’ve received, even if you rejected it;
  • details of every time you logged into Facebook, including the IP address you used;
  • details of pictures in which you have been tagged, even if you’ve explicitly untagged it (in this case the information is “deactivated” not deleted);
  • lists of every Facebook friend you’ve ever had, even those you’ve “unfriended”; and
  • everything posted on your wall, including posts you’ve deleted.

Schrems also notes this is far more detail than is available through Facebook’s own utility for users to download a “personal archive” of their activity through the site, rather than making a legal request. Facebook said it only provided personal data, in line with the law governing such requests, and that it is not obliged to share other information with a user.

It should be noted that Facebook’s own terms of service allow it to use data even after a user deletes their account. Of course, while that’s a contractual agreement between Facebook and the user, it doesn’t necessarily override laws or regulations.

6 Responses to Facebook: Where “Delete” is a Dirty Word

  1. Well if THAT story doesn't convince you to leave Facebook, NOTHING will. I for one got the hell out of there when I found out about their privacy issues and their sneaky, invasive tactics. Google+ for the win! <3

    • I echo the sentiment, but we're operating under an assumption that Google isn't doing the exact same thing, more or less. Google's had it own share of privacy concerns in the past.

    • Ummm I'd bet you a paycheck that Google is doing the exact same thing. The difference? Google is the middle man between your data and advertisers. What Google is selling is the ability to target your ads to a person's data, not the data itself. Also while Google has that data the way they randomize it is insanely difficult to back track to a specific server.
      Facebook on the other hand has multiple instances of not giving a crap about your personal data. Several instances of people's cell numbers, and personal info being harvested, and what was Facebook's response…. basically…how dare they not go through us….read: not pay us for that.

  2. "details of pictures in which you have been tagged, even if you’ve explicitly untagged it (in this case the information is “deactivated” not deleted);"

    Reason: Facebook stops people from re-tagging you.

    While, Yes it is shocking how much information Facebook keeps on you, I'd assume other companies are doing the same.

    The reason I prefer Google to Facebook (as companies) is that they are more transparent with what data they have and how it is used. Not to mention Google uses that information to help you, not *just* to make money.

  3. Wait. So he is freaking out that a site is tracking what you do on….wait for it…..their site. O_O OK. They can collect whatever logs they want. Its like walking into a mall and getting indignant that there are so many CCTV cameras in there….wot!?!?

  4. "details of every time you logged into Facebook, including the IP address you used"

    I think any and all websites you visit have this information on you.. any site you actually have to log into has this information *and* can tie it to you as an individual.

    Get your tin foil hats on!!

    (p.s. am posting this from Facebook so I can be sure it is recorded forever)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.