Accessibility links

Breaking News

Column: How Much of Your Privacy Does Facebook Own?

FILE - Facebook logo on a computer screen is seen through glasses held by a woman.
FILE - Facebook logo on a computer screen is seen through glasses held by a woman.

If you spend time on Facebook, it’s a good bet you’ve seen something like this in at least one of your friend’s timelines – perhaps even this week.

“Due to the fact that Facebook has chosen to involve software that will allow the theft of my personal information…” it begins; the first of several paragraphs citing jumbled law precedents.

The money line is the third graph. “The content of my profile contains private information. The violation of my privacy is punishable by law (UCC 1-308 1-308 1-103 and the Rome Statute.)” Which is odd, because you’re fairly certain your friend has no idea what the “Rome Statute” actually is.

Not that it matters. This supposed effort is meant to protect your privacy and prevent Facebook from doing whatever they wish with your photos and contacts and other data has no meaning at all.

“The law just doesn’t work that way,” writes the myth-busting website Snopes. Journalists have been trying to beat back this urban legend for years to no avail. It keeps popping back up, in part because people still want to believe they can seize control of their privacy and prevent Facebook from mining what they’ve posted.

But largely, they can’t, analysts say.

“You just have to look at the terms of service on Facebook which clearly states they also own your data,” said Raegan MacDonald, European policy manager for the digital privacy rights group Access.

“While there may be different levels of protection or control you may have, they have quite a bit of ownership over your personal data,” she told VOA.

So, just how much of our private lives does Facebook own – or, at the least, have a license to use for their purposes? Turns out, quite a bit.

“You’re the product”

“The minute you create a Facebook account and login, you’ve just given away any right to privacy of anything you do there,” said Shaun Murphy, the CEO of, the soon-to-launch digital privacy firm that was founded, in part he says, to counter pervasive data-mining intrusions by Facebook and other firms.

Murphy often characterizes the intrusions as “creepy.”

“Just recently I was listening to a new streaming radio service,” he said. “I had put in preliminary information just to log in, and one of the ads served up had my name. ‘Shaun is an IT guy…’ and that was super creepy. I deleted it and never wanted to use it again.”

There are basically two types of services you can find online, and which type you use has a major effect on how much your privacy is protected.

The first are sites that guarantee to guard your private data, and keep it private, right up front. You can retain exclusive copyright for any images, or ownership of anything you write.

But, Murphy said, it’s going to cost you.

“That’s their business model – they’re marketing your privacy,” he said.

The second are sites like Facebook that can offer a huge range of services all for free.

“All these social media sites out there that give you all these wonderful, shiny features and photo-sharing – they’re absolutely, completely free,” he said. “But ask: ‘Why are these sites doing it for free?’ They’re grabbing your information. From that perspective, if the service is free, you’re the product and you should be expected to be used as a product.”

Privacy expert MacDonald agrees.

“These services are not really free. We’re paying with our personal data. That understanding creates a different mentality when entering these terms of service agreements,” she said.

Just how much of your private data posted on Facebook do they own?

According to the Facebook terms of service agreement, they claim license to use posted data such as images and the like for their purposes worldwide. As Facebook spokesman Matt Steinfeld points out, the legal claim of “license” granted by the user is not Facebook’s assertion of copyright.

“When you post content on Facebook, or any information, you own that content,” Steinfeld said. “We have to have your legal permission to share that content. You retain ownership of that. So if you delete that content, we delete it from our servers and we have no rights to it beyond that point.”

True enough, but that’s not to say that Facebook doesn’t also use that license to generate revenue.

When users grant Facebook that license, the company asserts the legal right to do largely what they want with it. That, said Murphy, can include mining it for information points about the user, using the images for marketing, or providing data to advertisers – a major source of revenue for the company.

In other words, you agree to let them use your data as if they own it as long as you’re using Facebook.

This legal line between license and ownership can yield unusual results.

For example, during a European legal challenge to Facebook’s privacy policies it was revealed the firm argued that parts of your data – the things you post – are “trade secrets” and Facebook’s own intellectual property.

“That’s an interesting concept, because it means what is your personal data – what is supposed to be yours – Facebook is claiming intellectual property rights over,” MacDonald said.

The ultimate opt-out

Facebook offers users different layers of privacy in terms of who can see and share their posts. Also, depending where the user lives, there may be additional layers of governmental protection about data-mining and portability.

For example, users in the European Union and some other locations have the right to demand Facebook provide, on request, everything that user has ever posted, said or done while on Facebook.

That means anyone looking to permanently leave Facebook would still retain their data. Another area of governmental debate is whether users should have the so-called “right to be erased” – meaning that their activity and associated data could be wiped clean at their request.

Facebook spokesman Matt Steinfeld said that while Facebook provides data about users to advertisers, your specific identity is never shared.

“We show ads on Facebook without telling an advertiser who you are,” he told VOA.

And, says Private Giant’s Shaun Murphy, there is another layer of potential protection, “but it’s the thing nobody wants to do.” Namely, thoroughly reading each company’s terms of service agreements before clicking the “Agree” button.

“Take a look at the data retention – if you delete something, how long do they keep it?” Murphy asked. “If they’re vague and use weasel words, that’s something you probably don’t want to use.

But in the end, if you just don’t want Facebook accessing any of your personal contacts, private messages or photographs to monetize any way they see fit, there’s only one sure-fire option.

“They do have one ultimate opt-out option: it’s called deleting your account,” said Murphy. “If you don’t want this to happen, you can sign out and never go back. That’s your option.”

And for some, like Access’ Raegan MacDonald, that’s just not good enough.

“The solution cannot be as simple as either you do not participate in the online world which means not using Facebook, not using social networks, or the Internet for that matter, or giving away all of your privacy,” she said. “It’s important to support legislation that would reign in some of the practices and would ensure more control over personal data.”

  • 16x9 Image

    Doug Bernard

    Doug Bernard covers cyber-issues for VOA, focusing on Internet privacy, security and censorship circumvention. Previously he edited VOA’s “Digital Frontiers” blog, produced the “Daily Download” webcast and hosted “Talk to America”, for which he won the International Presenter of the Year award from the Association for International Broadcasting. He began his career at Michigan Public Radio, and has contributed to "The New York Times," the "Christian Science Monitor," SPIN and NPR, among others. You can follow him @dfrontiers.