Facebook has once again been called up for a violation of privacy rights - its still embedding tracking data inside photos you download.
Last week Australian Law student Edin Jusupovic tweeted about how, "Facebook is embedding tracking data inside photos you download". The next day it was announced that Facebook will be fined US$ 5 billion (£4 billion) by the US FTC in relation to the Cambridge Analytica data abuse scandal.
It was also suggested that this is not the only steganography (hidden data in images) that Facebook is using. There is a legitimate purpose for the code. A report from Forbes notes that: "There is no active tracking implied here, the image does not contain a secret beacon of any sort." What Facebook can do with this information is trace ownership of images, resolve copyright infringements, provide enhanced user services and better target advertising. The tracking placed in the image could simply be a way to resolve copyright/credit attribution suggests Twitter user @JustinTimesUK.
However, Twitter has removes this same basic coding (IPTC) from images that are posted on its site, whilst other companies owned by Facebook, Instagram and Whatsapp, have also been called out for embedding tracking data inside photos. This could just be an innocent way of resolving copyright, but some consider it something more serious.
The US$ 5 billion fine that Facebook is paying, because of its privacy violation in early 2018, was just part of the compensation. In addition, the New York Times reported that it is expected to "have a more comprehensive oversight of how it handles user data". It does not, however, prohibit Facebook from collecting and sharing data with unknown third parties. Jusupovic also suggested that, in a few years’ time, it will be even easier for companies to hide privacy violations such as this one. This could potentially be dangerous to the users of these sites, if the sites are ever hacked. Right now, however, the situation is not considered seriously threatening.
Reddit user, dcwrite, stated in a 2015 discussion on Reddit about stenography by Facebook, that "This is not active tracking, it is just a string in a metadata field that can be read by FB or other sites if you re-upload the image after downloading it from FB." In short, the IPTC allows sites to use data collected from the photos to better adapt the advertisements to specify to you. It does this by linking the photo from Person 1 to Person 2, assuming that their interests are alike. The downside of this is that it allows fake news to circulate easily. This is because the data is sold to third parties, most commonly companies and political parties, who have been accused of then using it to spread their own propaganda.
Could additional data-use issues such as this affect Facebook’s US$ 5 billion fine - or future fines? Many US Government officials have said that not enough has been done to reprimand and discipline Facebook, including US Senator Elizabeth Warren. She tweeted that "The FTC just voted to let Facebook off easy with a US$ 5 billion settlement for compromising the data of tens of millions of Americans and allowing our elections to be improperly influenced."
In fact Facebook shares rose one percent on news of the fine, as markets had expected a higher figure, hence Mark Zuckerberg’s wealth grew by US$1 billion. The concern is therefore that without significant consequences, Facebook and other companies will continue to push the privacy boundaries and will not stop. One solution suggested is to add to the limitations stated in the settlement made between Facebook and FTC in 2011.
Going forward, Facebook and others will also have to contend with European regulators issuing fines under GDPR, with the recent BA and Marriott fines of £183 million and £99 million respectively demonstrating that data regulation is only set to get tougher.