Facebook apparently no longer knows what it is doing with the data of its users. That’s according to an internal document obtained by Motherboard.

In 2021, Facebook had around three billion users worldwide. The amount of data that the network processes every day is almost unimaginable.

No idea of what really happens with this data, however, has Facebook itself. As Motherboard reports, data protection experts from the Ad and Business Product Team admit this in an internal report.

We don’t have a reasonable level of control and explainability over how our systems use data.

Facebook apparently doesn’t know how to deal with privacy regulations

The company is facing a “tsunami of new regulations, all of which are fraught with uncertainty,” according to the leaked document.

In doing so, Facebook cannot make “promises such as ‘we will not use X data for Y purposes,'” it adds. The “fundamental” problem is that the network does not know exactly where the data of its users go and what exactly it does with it.

The data protection experts describe the problem in their report as follows: “Facebook systems fundamentally lack closed properties.

We have built systems with open boundaries. The result of these open systems and open culture can be well described with an analogy: imagine you are holding an inkwell in your hand. That inkwell is a mixture of all kinds of user data. You pour this ink into a lake of water … and it flows … everywhere. How do you put that ink back in the bottle? How do you organize it again so that it only flows to the allowed places in the lake?

Does Facebook violate the GDPR with this?

The General Data Protection Regulation stipulates that personal data may only be “collected for specified, explicit and legitimate purposes and may not be further processed in a way incompatible with those purposes.”

According to legal experts, the leaked document shows “that Facebook may not even have the ability to restrict how it handles its users’ data,” Motherboard adds.

The document raises the question of whether Facebook is able to comply with data protection regulations on the whole.

It says this is particularly questionable due to the large amount of data collected and where it flows within the company.

An ex-employee confirms the research

Motherboard also quotes a former employee in its report, who describes the leaked document as “very clear.”

According to the document, Facebook has “a general idea of how many bits of data are stored in its data centers.” However, the part where the data goes is essentially “a complete shitshow.”

It gives them an excuse to keep so much private data, simply because with their size and business model and infrastructure design, they can plausibly claim they don’t know what they have.

How is Facebook responding to the allegations?

A spokesperson for the company has denied to Motherboard that the group is not complying with privacy regulations.

Considering that this document does not describe our extensive privacy compliance processes and controls, it is simply not accurate to infer non-compliance.

Facebook has “extensive processes and controls to manage data and comply with privacy regulations.”