Last updated on May 2, 2025
Anyone who uses social media has at one point or another been asked to read and agree to the company’s privacy policy. These documents are important, outlining what types of personal information the company will collect, how and why this will be done, how the information will be used, and who will have access to it [1]. Yet, while these policies make a user’s interaction with a social media company appear transparent from the start, many companies use these policies to hide unethical data sharing practices and abuse user trust. This is the case for Meta, previously known as Facebook, who, when forced to comply with the European Union’s General Data Protection Regulation (GDPR) in the spring of 2018 [2], found themselves overhauling not just their privacy policy, but their entire data sharing practice. In the years that followed, Meta would continually come under fire for disregarding GDPR guidelines. They became the poster child for unethical data sharing, and in doing so, sparked a broader conversation about what user data companies are entitled to, if it is ever ethical for them to use that data for profit, and whether users should leave platforms that do.
The GDPR’s Effect on Meta
While many might read Meta’s notoriously vague privacy policy [3] as an assurance that an individual’s personal data is only collected and sold on occasion, internal document leaks revealed something far more sinister. In the months following the passing of the GDPR, Meta scrambled to overhaul their data sharing policy, which violated several of the new regulatory principles required for a social media site to operate in a European Union country. Internal documents from this period of time, which surfaced during the spring of 2022, demonstrate just how little Meta knew about where user data was going. Employees remark that they had no way of knowing where the data collected from users ended up [4]. The document went on to describe the fact that first-party data, third-party data, and sensitive categories data were all pooled together before being used by the site. There were no clear restrictions about what kind of data could be sent where, and no way to track where the data had gone [4]. The leak demonstrated that just like consumers who were uninformed because of Meta’s vague privacy policy, employees had no idea what happened to the user data the company collected.
This lack of information was a problem, both at the time the document was leaked and years earlier when Meta sought to address their mishandling of data. The group’s vague privacy policy was a true reflection of their treatment of user information; it was gathered and used absolutely everywhere. A principal requirement of the GDPR is that any data collected from users is gathered for one specific purpose, which is clearly outlined to the user [4]. Even in situations where Meta knew where the data they collected was going, they often used it in multiple ways. For example, the company would gather a user’s phone number and use it in a feature of the app that helps people to connect with those in their phone contact list, before turning around and selling the phone number for a profit [4]. The release of the GDPR made one thing clear: Meta, specifically the Facebook platform, needed a serious data collection overhaul if they were going to abide by ethical practices.
A New Data Collection Free Meta?
To their credit, Meta was not blind to the fact that their platform needed to fit ethical guidelines. That same leaked document from 2018 outlined a need for change, mentioning that the social networking site would be taken off the European market if they failed to make their data collection processes more straightforward and visible [4]. Their proposed change was a switch from user-targeted ads fueled by data gathered on browsing habits to “basic ads.” [4]. This version of the social media site would allow users to opt into an experience that included general ads shared with all users. Rather than promoting ads based on user data, they would be promoted based on general views, with ads that performed well among initial users being distributed further across the platform [5]. The switch would resemble a return to ads shown on cable TV, where all viewers see the same marketing, as opposed to those used by streaming platforms, which collect information on your age, gender, and TV viewing habits, using it to tailor their marketing specifically to you [6]. For individuals seeking to share less of their data online but still stay connected, “basic ads” were a perfect solution. Unfortunately, while the internal document states that “basic ads” would launch for consumers on Facebook in 2022, they are still nowhere to be found.
Paying for Social Connection?
While it is unclear whether “basic ads” are still in development, Meta needed to do something to ensure that Facebook followed legal data-sharing guidelines in Europe. Their solution was a paid, “ad free” version of the platform [7]. This sparked outrage among consumers who felt it was unfair for the company to expect users to pay a fee for a social networking site that has traditionally been free to use [7]. They saw the move as one that would isolate individuals who cared about their data privacy from friends and family members. Landing Meta 570 million dollars in fines from the European Union [8], the decision was seen as yet another example of a product where access was limited by socioeconomic status.
However, these complaints fail to fully articulate the situation. Meta is a business that needs continual funding for its product. The tens of thousands of employees working for the company [9] need stable income; Meta cannot afford to employ them if their most popular products truly cost nothing. As a result, user data has a large effect on the company’s income. In fact, reports show that when Apple launched a feature allowing users to disable personal data tracking while using apps, including Facebook and Instagram, Meta lost an estimated 10 billion dollars’ worth of income [5]. For social media companies to survive, users of monetarily free products are always paying in some way. Furthermore, according to technology ethics writer Stephanie Hare, Meta knows that users are willing to participate in data sharing in exchange for their product. She is quoted as saying, “[Meta’s] bet is that most users have accepted this bargain – they have priced in a privacy trade-off for social connection, convenience, fun and business” [10]. As a company, Meta cannot function without customers paying to use the platform or paying with their data. As users continue to log onto the site, they argue that their customers do not seem to mind the business model [10]. Therefore, anyone who is upset enough about data sharing to leave the platform entirely should have no issue paying a fee to return to it on their terms.
While this transaction is necessary, it needs to be straightforward. Studies have shown that though individuals consider data collection on social media to be the norm, they change their sharing habits based on their perception of the company’s data collection policy [11]. Meta was right that users accepted the data for social connection transactions, but they still need to be transparent with their consumers. This is why Meta’s data sharing practices are so frequently targeted as unethical. Even with the introduction of a paid version of their platform, they misled users by marketing it as an “ad free” version of the site rather than a data-collection-free one. While Meta’s current privacy policy states that personal information and user data are never sold to consumers, they explain that they do still collect user data, which is used for highly targeted ads [12]. They outline this through a document that is riddled with links to separate pages, technical jargon, and advanced language. At times they appear to intentionally mislead users, answering the bolded question “Are Facebook and Instagram listening to your conversations?” with a simple “No.” before going on to explain that they aren’t, unless you have the microphone enabled in the app and are using a function that requires it [12]. Tactics like these violate the Web Content Accessibility Guidelines (WCAG), an international standard for web accessibility. One of its principles is understandability, requiring that all information presented on websites refrain from using jargon without clearly defining it, and that websites be written in a way that all individuals who have obtained at least a lower secondary education can understand [13]. The way Meta’s privacy policy is written makes it inaccessible to individuals without technical knowledge or the time required to read through pages and pages of disclaimers. While there is nothing wrong with collecting a user’s data with their permission, it is deeply wrong to mislead users about the extent of that data collection for the company’s benefit.
Should You Leave Meta?
Analyzing Meta’s history of data collection scandals makes one thing clear: no product is ever truly free. Consumers are always paying for the services they love, whether monetarily or through data tracking. Like deciding whether to hand over cash, choosing to engage with or abstain from services that collect your personal data, like Meta does, is one every individual is entitled to make. Some might argue that they enjoy the social connection that Meta’s platforms provide and are unbothered by the data collection the company engages in, even if they do not understand the full extent of it. Others might even say that they enjoy the highly targeted ads they receive, encouraging them to engage with the platform even more. Still others are frustrated and want change. While it feels daunting and isolating to walk away from one of the world’s biggest social networking platforms, doing so is one of the only ways to demonstrate that users, not just the government, are fed up with Meta’s unclear policies. In the fight against unethical data-sharing, it’s important to remember that voting with your data is just as meaningful as voting with your dollar.
Works Cited
[1] R. Bonta, “How to read and privacy policy.” State of California Department of Justice Office of the Attorney General. https://oag.ca.gov/privacy/facts/online-privacy/privacy-policy (accessed Feb. 22, 2025)
[2] K. Litman-Navarro, “We read 150 privacy policies. They were an incomprehensible disaster.” New York Times. https://www.nytimes.com/interactive/2019/06/12/opinion/facebook-google-privacy-policies.html (accessed Feb. 22, 2025)
[3] J. Sherman, “Meta’s privacy policies: Designed badly, by design?” TechPolicy.Press. https://www.techpolicy.press/metas-privacy-policies-designed-badly-by-design/ (accessed Feb. 22, 2025)
[4] L. Franceschi-Bicchierai, “Facebook doesn’t know what it does with your data, or where it goes: Leaked document.” VICE Media. https://www.vice.com/en/article/facebook-doesnt-know-what-it-does-with-your-data-or-where-it-goes/ (accessed Feb. 22, 2025)
[5] A. Hutchinson, “Meta is developing a new ‘basic ads’ product for Facebook to counter loses due to data privacy concerns.” Social Media Today. https://www.socialmediatoday.com/news/meta-is-developing-a-new-basic-ads-product-for-facebook-to-counter-losses/624893/ (accessed Feb. 22, 2025)
[6] J. Miller. “Streaming media: Unlocking endless marketing opportunities for brands.” Forbes Business Council. https://www.forbes.com/councils/forbesbusinesscouncil/2023/04/11/streaming-media-unlocking-endless-marketing-opportunities-for-brands/ (accessed Feb. 23, 2025)
[7] A. Cooban, “Meta accused of ‘massive, illegal’ data processing by European consumer groups.” CNN News. https://www.cnn.com/2024/02/29/tech/meta-data-processing-europe-gdpr/index.html (accessed Feb. 22, 2025)
[8] A. Cooban, “EU whacks Apple and Meta with $800 million in antitrust fines.” CNN News. https://www.cnn.com/2025/04/23/tech/european-union-apple-meta-fines-intl/index.html (accessed Apr. 29, 2025).
[9] Statista, “Number of full-time Meta platforms employees from 2004 to 2024.” Statista. https://www.statista.com/statistics/273563/number-of-facebook-employees/ (accessed Feb. 22, 2025)
[10] K. O’Flaherty. “Facebook’s new privacy policy – What you need to know.” Forbes. https://www.forbes.com/sites/kateoflahertyuk/2022/05/27/facebooks-new-privacy-policy-what-you-need-to-know/ (accessed Feb. 22, 2025)
[11] L. Soczka, R. Brites, and P. Matos, “Personal information disclosure and perceptions about data usage by Facebook,” in Proceedings of the 2nd European Conference on Social Media 2015, P. Peres, and A. Mesquita, Eds, Porto, Portugal: ACPIL, 2015, pp. 413-420.
[12] Meta, “Privacy Center.” Meta. https://www.facebook.com/privacy/center/ (accessed Feb. 22, 2025)
[13] W3C, “Web content accessibility guidelines (WCAG) 2.1.” W3C. https://www.w3.org/TR/WCAG21/#readable (accessed Feb. 22, 2025)
