Facebook and Broken Promises of Data Protection

Samiksha UniyalLaw

Facebook and Broken Promises of Data Protection

Gone are the days when only currency and jewels were considered valuable assets. The 21st century is witnessing growth in the value of data. But are we concerned about the protection of our data? The deliberate answer may be ‘yes’ but technology has spun such a thick web around us that absolute data protection is a distant dream. The presence of social media platforms has made this task even tougher. It will be wrong to attribute the failure to only the end-users. Over the years, we have seen that even platforms like Facebook have miserably failed to protect users’ personal data.

The concerns of data protection and privacy have been associated with Facebook since its inception. Mark Zuckerberg, faced allegations of stealing the idea for developing the platform from Tyler and Cameron Winklevoss and hacking the email accounts of two private users. Presently, Facebook claims to invest all possible efforts to protect its users’ personal data and privacy and provide a secure environment on its platform. However, past instances paint a very dull picture. In this article, we take a look at incidents where Facebook failed to protect the personal data of its users.

1. Non-consensual user behaviour analysis

In 2008, Facebook was alleged of publishing analysis of user behaviour without obtaining their consent. Facebook also faced allegations for violating anti-hacking and wiretap laws in 2008.

2. Cambridge Analytica Scandal

The voting power of the people is one of the prominent characteristics of a democracy. The more unbiased voters, the more successful a democracy is. The problem arises when voters get manipulated by misinformation or specific advertising. It influences their voting patterns and impacts the final outcome. This has already happened in US Presidential Election and Brexit Plebiscite in 2016.

Cambridge Analytica is a political consulting and strategic communication firm. Through a personality quiz application called thisisyourdigitallife, they had access to personal data of 87 million Facebook users. The information available with Cambridge Analytica included religious beliefs, political choices, sexual orientation, etc. Five years before this incident, reports in 2011 disclosed how third parties could access personal data of Facebook users.

This incident had spurred a political roar in India as well. In 2018, Christopher Wylie, the whistleblower of the Cambridge Analytica incident, had accused the Indian National Congress in the UK’s House of Commons. He stated that they took assistance from the firm in their election campaign. However, an inquiry on this issue has not provided any convincing evidence. In January 2021, CBI filed an FIR against the firm for accessing personal data of Indian users without their consent. Whether the firm will be liable for its actions is something that we will see in the near future. Meanwhile, the #deletefacebook movement emerged on social media as a response to the Cambridge Analytica incident. Under this campaign, users delete their Facebook account and use this hashtag to share the update through other platforms like Twitter.

To read more about the Cambridge Analytica incident, you can check this article.

3. Data scraping through Facebook

In April 2021, a user published personal information of about 533 million Facebook users on a low-level hacking website. This information included full names, phone numbers, emails, addresses, Facebook IDs, birth dates, etc. This data was available for a while, and Facebook never gave a substantive clarification. Before this incident, 419 million records of users’ phone numbers were leaked along with their Facebook IDs in 2019.

4. Harvesting email contacts of new users

In April 2019, a Business Insider report revealed that Facebook had harvested email contacts of 1.5 million users without their consent. They found that Facebook was asking for email passwords when new users were signing up on the platform. If a user entered their email password, a message popped up which read as importing your contacts. For this, Facebook did not ask for any permission or explicit consent.

5. Inconsistent handling of user data

Six4Three filed a case against Facebook in 2015 after Facebook restricted their app, called Pikinis, to access user data. Pikinis was a short-lived app that identified users’ friends’ photos in bikinis. During the case, Facebook had to turn in thousands of pages of internal documents. These documents illustrated how Facebook put in efforts to control its competitors by withholding user data. These documents also revealed that while Facebook publicly justified its decisions as driven by privacy concerns, they were only worried about threats from competitors.


It is evident that the platform has not done enough to uphold individuals’ privacy and data protection rights. There are subject matter experts who believe that Facebook has been too busy lobbying against the data privacy laws. On the one hand, Facebook contends that it is almost impossible to maintain privacy on social media. However, this defence is in total contradiction with the commitments they make to their users. Are those commitments merely a publicity stunt? It may be true that maintaining privacy and ensuring absolute protection in present times can be a mirage. However, Facebook cannot use this as an alibi and continue to evade its responsibility until a competent authority imposes a fine for its wrongdoings. One such example is FTC’s record fine of $5 billion after the Cambridge Analytica incident.

Featured Image Credits: Background vector created by freepik – www.freepik.com