Twenty Something Asks Facebook For His File And Gets It – All 1,200 Pages

Type threatpost
Reporter Brian Donohue
Modified 2013-04-17T20:05:47


Be careful of what you ask for. That’s a lesson that Max Schrems of Vienna, Austria, learned the hard way when he sent a formal request to Facebook citing European law and asking for a copy of every piece of personal information that the world’s largest social network had collected on him.

After a wait, the 24 year-old law student got what he was seeking: a CD with all his data stored on it – 1,222 files in all. The collection of PDF format documents was roughly the length Leo Tolstoy’s _War and Peace _but told a more mundane story: a record of Schrems’ years-long relationship with the world’s largest social network.

Related Posts

Privacy Groups File FTC Complaint over WhatsApp Data Sharing with Facebook

August 30, 2016 , 12:23 pm

Emergency iOS Update Patches Zero Days Used by Government Spyware

August 25, 2016 , 5:33 pm

Tor Update Fixes ReachableAddresses Problem

August 25, 2016 , 9:22 am

Collected together were records of when Schrems logged in and out of the social network, the times and content of sent and received messages and an accounting of every person and thing he’s ever liked, posted, poked, friended or recorded. The archive captured friend requests, former or alternative names and email addresses, employment and relationship statuses and photos, in some cases with their GPS locations included, to name a few. To Schrems’ dismay, much of the data he received from the network was information he thought he had deleted. Facebook, it seems, doesn’t think much of the Delete key and continued to hold copies of the data on its servers.

The social network provides all its users with a feature for downloading their personal data. However, EU Directive 95/46/EC (PDF), which gives persons the “right of access to data relating to him” in order to verify the accuracy of that data and the lawfulness of how it is being used.

Schrems’ experience has inspired a legal project he’s working on called Europe vs. Facebook to increase transparency on Facebook, make opt-in data access the default (instead of opt-out) and to encourage data-minimization on the network.

Though EU privacy laws are generally more stiff than those in the U.S., Facebook is under pressure at home as well as abroad. The FTC proposed a settlement in late November requiring the site to take the privacy of its users more seriously by subjecting itself biennial privacy audits.

Also, the U.S. House Subcommittee on Oversight and Investigations and the Congressional Bipartisan Privacy Caucus recently wrote a letter [PDF] to Facebook founder and CEO, Mark Zuckerberg. The letter seeks to find out more about Facebook’s information collection and archiving practices of users and non-users, whether or not there is an opt-out option for all data collection, and why Facebook’s privacy policy has expanded from just over 1,000 words in 2005 to its present incarnation of almost 6,000 words among other things.

So how much data is Facebook collecting on you? To help laypeople understand, the Web site has taken Schrems’ data and visualized in different ways. You can find them here.You can find a list of the groups of data disclosed to Schrems by Facebook here.