There are boundaries, with a fair amount of grey areas, around what financial data Facebook will share with its partners, presumably including Royal Bank of Canada.
In a massive release of information, Congress yesterday made public around 450 pages of written responses from Facebook on its data and privacy practices. The release offers the most detail yet on what financial data Facebook does — and does not — make available to its advertising partners.
The release comes just days after The Wall Street Journal reported that Facebook had given extraordinary data to Royal Bank of Canada, even after it had in 2015 said that it “walled off” such private information, like telephone numbers and “a metric called ‘friend link’ that measured the degree of closeness between users and others in their network.” It should be noted that RBC did not specifically have access to such “walled off” data.
Facebook acknowledged in its documents released to Congress that it collects detailed financial information about its users, which numbers 2.2 billion active monthly users worldwide. In its disclosures to the Senate Commerce Committee, Facebook revealed that:
If users use our Products for purchases or other financial transactions (such as when they make a purchase in a game or make a donation), we collect information about the purchase or transaction. This includes payment information, such as their credit or debit card number and other card information; other account and authentication information; and billing, shipping and contact details.
But, elsewhere in the document, when asked whether the company “impose[s] any limitation on itself regarding the collection and use
(including inferences) of web tracking data collected from health-related pages or any other themes of websites,” Facebook answered that “we prohibit anyone from using our pixel to send us data that includes health, financial information, or other categories of sensitive information.”
In other words, it appears as though Facebook will collect financial data, but will not allow its partners to send it financial data. Facebook acknowledged that “we also get information about which website or app our users are using.” It is unclear whether that means Facebook does not need the financial information from its partners since it already extracts such information on its own from its users.
According to the Facebook documents, the social media giant does not share financial data on users who are under 18 years of age. Those users are “gated” from seeing ads for financial services products and services, Facebook said.
But Facebook refused to offer more details on the segmentation is provided for financial services advertisers. When asked to detail the characteristics, categories, descriptors, and/or interests that Facebook allows advertisers to select in order to exclude certain users from an advertisement’s audience, Facebook referred to its policies around users who are under 18. Is there a presumption that detailed financial data related to characteristics, categories, descriptors, and/or interests of users over the age of 18 were, indeed, provided to advertisers? That question remains outstanding.
As for the ads themselves, Facebook said it has a strict policy around ads that might discriminate.
“We don’t want advertising to be used for hate or discrimination, and our policies reflect that,” Facebook wrote.
When Facebook detects that an advertiser is attempting to run a credit ad, the company requires the advertiser to “certify compliance with our anti-discrimination policy and anti-discrimination laws.”
“We are taking aggressive steps to strengthen both our automated and our manual review,” Facebook wrote to Congress. “We are also expanding our global ads review teams and investing more in machine learning to better understand when to flag and take down ads, such as ads that use our multicultural affinity segments in connection with offers of housing, employment or credit opportunities.”
For more coverage of the Facebook Files, click here.