Natasha Lomas@riptari /
Facebook and Meta logos

The lack of enforcement of European privacy laws against the adtech giant is sure to be raised by a report on Facebook's business yesterday.

The leaked internal document was written by privacy engineers on the Ad and Business product team.

The document appears to show engineers at the tech giant now known as Meta scratching their heads at the task they are facing. Next time Sheryl Sandberg talks about Meta, she should talk about the contextual meat to transplant on the euphemistic bones.

Some internal business shorthand/acronyms that aren't always clear are deployed in Meta's text. If you can spare the time for 15-pages of text, diagrams and a few colorful analogies, it is worth reading in full. According to the document, Meta's engineers do not sound confident of being able to transform the mess and achieve timely compliance with a bunch of other incoming global regulations. Don't get them started on what the regulations might mean for the business.

Meta disagrees that the document shows non-compliance with any privacy laws.

The company claims that the document does not describe our processes and controls to comply with privacy regulations.

They would say that.

Wolfie Christl is an expert in forensic analysis of ad data flows and she takes a different view of the leaked document. He unpacks and contextualizes the implications of the engineers' observations in his detailed thread.

The document identifies three reasons for why FB decided to not comply with the GDPR:

1) It just didn't want to spend the money2) Its surveillance advertising systems do not support keeping track of how personal data is used for 'ads'

3) It just didn't want to spend the money pic.twitter.com/gNGJJa1Y5C

Wolfie Christl posted on April 26, 2022.

Christl says the document is a confession that Facebook's business is based on a massive violation of the EU's General Data Protection Regulation. A company can only collect personal data for a specific purpose. If a company can't say what it collects personal data for, it's not allowed to process it.

Christl says the Irish data protection agency must take action now. It must be ordered to stop processing personal data if Facebook can't tell you how it uses it.

The Irish Data Protection Commission (DPC) was contacted by the website to inquire if it will be opening an investigation into Meta's ad data flows in light of what the document appears to show is, basically, an ads system that, either by design or systemic build creeps, exists.

The deputy commissioner confirmed that the document had only been seen for the first time when it was published.

The DPC has been investigating whether the ads business of Facebook complies with the law.

Since the regulation entered into force, the DPC has been considering a complaint against Facebook, focused on its legal basis for processing user data for ads.

A draft DPC decision on that inquiry, which was published last fall, was quickly branded a joke by privacy advocates as the regulator appeared to be intending to accept a tactic by Meta to evade the standard for consent-based processing.

Data subjects must be given a free choice if they want their consent to be valid. It must be informed and purpose specific.

If you use Facebook, your information is not processed for ad targeting. You can either agree to ads or not have a Facebook account.

The DPC didn't seem to see reason to object to the construction of the contract that Facebook claims users are in.

It's no wonder that the deep, dark, underbelly of Meta's ad-targeting machinery contains a vast ocean of surveillance data on web users but so little apparatus to order this information according to this document.

The EU is almost four years into enforcement of its data protection regime and Facebook is not affected by it. The messaging platform was fined last year.

The EU didn't invent privacy regulation in the year after the GDPR came into force. The Data Protection Directive included many of the same principles.

If a company like Facebook had been paying attention to legal requirements around privacy by design, and if EU regulators had been muscularly enforcing these long-standing rules, Meta might not have been necessary. It's not so much like landing on the moon as it is like reconstructing the entire planet in a way that ensures every tiny piece of rock and dust. Guess what, the deadline for doing all that already passed. It's called Zuckerberg's moonshot.

A Meta spokesman didn't respond to a question about whether it had contacted the DPC to provide information about how its ads system works.

This analogy lacks the context that we do, in fact, have extensive processes and controls to manage data and comply with privacy regulations.

The European Commission is in charge of monitoring the application of the EU's General Data Protection Regulation.

We asked the Commission if it had any concerns about the leaked document and if the DPC should open an investigation into the ads data flows. At the time of writing, it had not responded.

The Irish Council for Civil Liberties filed a complaint against the Commission, accusing it of neglecting its duty to act on Ireland.

Ireland’s draft GDPR decision against Facebook branded a joke

PayPal is shuttering its San Francisco office as it evaluates its global office footprint. Multiple sources say the payments giant is closing its San Francisco office on 425 Market St. which housed...Corporates generally aren’t hard to find because of their bigger presence, but founders have to take care to perform due diligence around which corporate best suits their needs While working as the head of treasury at Braintree, Boris de Souza once discovered a $90 million payment that went “missing” for over two weeks because of poor payments infrastructure. ...Have you heard about this fantastic opportunity for university-level, student-led mobility startups determined to transform transportation and redefine what it means to be mobile? Buy a student pas...At TechCrunch Early Stage, Y Combinator’s Dalton Caldwell shared insights on the application process — what works on an application, what doesn’t, and the right ways to stand out. UiPath, the RPA company that went public a year ago, was once hotter than hot in a space that was sizzling. Consider that it raised $750 million in February, 2021 at an astonishing $35 billion valu...ARMO, the Tel Aviv-based company behind Kubescape, the popular open source Kubernetes security platform, today announced that it has raised a $30 million Series A funding round led by Tiger Global....The U.S. government has stepped up its hunt for six Russian intelligence officers, best known as the state-backed hacking group dubbed “Sandworm,” by offering a $10 million bounty for i...Elon Musk’s attempt to terminate a 2018 settlement with the U.S. Securities and Exchange Commission that requires oversight of some of his Tesla-related tweets has failed. U.S. District Judge...Bogota-based payments infrastructure startup Minka has secured $24 million in a funding round co-led by Tiger Global Management and Kaszek. In an interview, CEO and co-founder Domagoj Rozic describ...One of the largest solar companies in Africa and Asia, Sun King, has raised $260 million in series D funding to deliver off-grid energy technologies to more people across the two continents. Sun Ki...The Indian conglomerate Reliance and Viacom18 have inked a strategic partnership with Bodhi Tree, an “investment platform” run by James Murdoch’s Lupa Systems and former Disney executiv...Twitter says that fluctuations in follower counts that occurred on its platform after it announced that it had agreed to be acquired by Elon Musk were organic in nature. Once the news was announced...U.S. cable TV giants have a new plan to stake their claim in the streaming wars. This morning, Comcast and Charter announced they will team up to develop a streaming platform based on Comcast’...Let’s discuss why Fidelity offering crypto in retirement plans is a huge win for pretty much everyone who isn’t ultra-wealthy. The crypto-based decentralized finance ecosystem has, despite bouts of volatility, been ballooning in terms of assets since last year’s “DeFi summer.” DeFi is quickly maturing, wh...Setting up a stack of data tools is a difficult exercise for any startup to undertake, involving picking and choosing among a wide variety of tools and approaches. Mozart Data’s founders have...Ford’s onslaught of electric truck news this week seems calculated to lay claim to the profitable segment — and overshadow a new General Motors rival — ahead of its first-quarter financ...