“When Location Services is off, Facebook may still understand people’s locations using information people share through their activities on Facebook or through IP addresses and other network connections they use,” Facebook Vice President and Deputy Chief Privacy Officer Rob Sherman told Sens. Josh Hawley (R-MO) and Chris Coons (D-DE) in a December 12 letter.
The eight-page letter responded to a November 19 request for information from the two lawmakers about the tech giant’s “privacy practices concerning location information,” which was, in turn, a response to a September 9 bulletin by Facebook announcing “updates to your device’s location settings.”
“Location data is among the most sensitive personal information that a user can share with a company,” the lawmakers noted in their letter. “If the user has decided to limit Facebook’s access to his or her location, Facebook should respect these privacy choices.”
“The language in the blog post, however, indicates that Facebook may continue to collect location data despite user preferences, even if the user is not engaging with the app, and Facebook is simply deducing the user’s location from information about his or her internet connection. Given that most mobile devices are connected to the internet nearly all the time, whether through a cellular network or a Wi-Fi connection, this practice would allow Facebook to collect user location data almost constantly, irrespective of the user’s privacy preferences,” the lawmakers mused, adding a list of questions giving Facebook the opportunity to assuage their fears.
However, the Thursday response instead confirmed their worst fears.
“By necessity, virtually all ads on Facebook are targeted based on location, though most commonly ads are targeted to people with a particular city or some larger region,” the company wrote. “Otherwise, people in Washington, DC, would receive ads for services or events in London, and vice versa.”
“Facebook admits it,” Hawley said in a December 17 tweet following the letter’s publication. “Turn off ‘location services’ and they’ll STILL track your location to make money (by sending you ads). There is no opting out. No control over your personal information. That’s Big Tech. And that’s why Congress needs to take action.”
“I appreciate Facebook’s attempts to inform users about their privacy choices. However, I am concerned that these efforts are insufficient and even misleading in light of how Facebook is actually treating user data,” Coons told CNBC in a Tuesday statement. “In their response to our letter, Facebook confirmed that there is no way for users to prevent Facebook from using their location and serving them ads based on that information, even when location access has been turned off.”
“Facebook claims that users are in control of their own privacy, but in reality, users aren’t even given an option to stop Facebook from collecting and monetizing their location information,” he continued. “The American people deserve to know how tech companies use their data, and I will continue working to find solutions to protect Americans’ sensitive information.”
Beginning with the 2017 Cambridge Analytica scandal, Facebook has repeatedly been revealed to be either tracking or permitting the tracking of users’ personal information. British political consulting firm Cambridge Analytica collected the information of some 87 million users via use of several apps, the vast majority of whom were third-party users who were never given the chance to consent. A New York Times investigation published in December 2018 revealed that Facebook itself had sold access to roughly 2.2 billion users’ data to more than 150 firms - again, despite the fact that some of those users had opted out of all sharing.
"They know that their PR, that their position in terms of public relations, is awful,” web developer and technologist Chris Garaffa told Sputnik at the time. “They know people are watching them. They know that every story that comes out like this is going to drive users away, and we are the product, in terms of Facebook."