Is leaving Facebook the only way to protect your data?

  • Published
circle of friendsImage source, Getty Images
Image caption,
People increasingly want to know how much information tech firms have on them

Allegations that research firm Cambridge Analytica misused the data of 50 million Facebook users have reopened the debate about how information on the social network is shared and with whom.

Data is like oil to Facebook - it is what brings advertisers to the platform, who in turn make it money.

And there is no question that Facebook has the ability to build detailed and sophisticated profiles on users' likes, dislikes, lifestyles and political leanings.

The bigger question becomes - what does it share with others and what can users do to regain control of their information?

Want to see what you look like as a Hollywood star? Click here.

Image source, Getty Images
Image caption,
Cambridge Analytica chief executive Alexander Nix told MPs it used data from "Facebook surveys"

We've all seen these quizzes - offering to test your IQ, reveal your inner personality, or show you what you'd look like if you were a glamorous actor.

It was information from one such Facebook quiz - This is Your Digital Life - that Cambridge Analytica is alleged to have used to harvest the data of millions of people.

Many such quizzes come with reassurances that your data is safe.

These games and quizzes are designed to tempt users in but they are often just a shop front for mass data collection - and one that Facebook's terms and conditions allow.

Privacy advocates Electronic Frontier Foundation said the way these quizzes collected data reflected "how Facebook's terms of service and API were structured at the time".

Facebook has changed its terms and conditions to cut down on the information that third parties can collect, specifically stopping them from accessing data about users' friends.

It is not yet clear exactly what information the firm got hold of - this is now subject to an investigation by the UK data protection authority, the ICO.

What can users do to protect their information?

  • Log in to Facebook and visit the App settings page
  • Click edit button under Apps, Websites and Plugins
  • Disable platform
Image source, Screen grab
Image caption,
App settings can be found via a drop down menu in blue bar at the top of Facebook page

This will mean that you won't be able to use third-party sites on Facebook and if that is is a step too far, there is a way of limiting the personal information accessible by apps while still using them:

  • Log into Facebook's App settings page
  • Unclick every category you don't want the app to access, which includes bio, birthday, family, religious views, if you are online, posts on your timeline, activities and interests

There are some others pieces of advice too.

"Never click on a 'like' button on a product service page and if you want to play these games and quizzes, don't log in through Facebook but go directly to the site," said Paul Bernal, a lecturer in Information Technology, Intellectual Property and Media Law in the University of East Anglia School of Law.

"Using Facebook Login is easy but doing so, grants the app's developer access to a range of information from their Facebook profiles," he added.

How else can you protect your Facebook data?

Image source, Getty Images
Image caption,
Digital fingerprints are getting bigger as people share more information online

There really is only one way to make sure data we create on a daily basis remains entirely private, thinks Dr Bernal. "Leave Facebook."

"The incentive Facebook will have to protect people more will only come if people start leaving. Currently it has very little incentive to change," he told the BBC.

It seems he is not alone in his call - the hashtag #DeleteFacebook is now trending on Twitter in the wake of the Cambridge Analytica scandal.

But Dr Bernal acknowledges that it is unlikely many will quit - especially those who see Facebook as "part of the infrastructure of their lives".

The less drastic option is deactivation, which stops an account from appearing in search results but gives the user the option to bring it back. It would stop future tracking but means all the information already collected will still be kept.

For those that decide deletion is the best option, users can head to the delete my account page, which explains that once gone, information cannot be retrieved.

The page is not easy to find on the site and requires quite a few steps:

  • From the top right of the blue bar, click the downward arrow
  • Select settings
  • Click General
  • Click Manage Account
  • Click Request Deletion
  • In the pop-up box, which is aimed at people who want to delete their account in the event of their death, click Learn More
  • Scroll down to the section headed Deleting Your Account and click on the link

Facebook advises users who delete their account to download a copy of their information before they delete it. They also warn users that the process can take up to 90 days, during which time the information is inaccessible to others using the platform.

Can you find out what data on you is stored?

Image source, Getty Images
Image caption,
Mr Schrems has been involved in a series of complaints against Facebook since 2011

Under current data protection rules, users can make a Subject Access Request to individual firms to find out how much information they have on them.

When Austrian privacy advocate Max Schrems made such a request to Facebook in 2011, he was given a CD with 1,200 files stored on it.

He found that the social network kept records of all the IP addresses of machines he used to access the site, a full history of messages and chats, his location and even items that he thought he had deleted, such as messages, status updates and wall posts.

But in a world where Facebook information is shared more widely with third parties, making such a request gets harder.

As Dr Bernal says: "How do you ask for your data when you don't know who to ask?"

That is likely to change this summer with the introduction of the EU's General Data Protection Regulation (GDPR), which aims to make it far easier for users to take back control of their data.

The threat of big fines for firms that do not comply with such requests could make it more likely that they will share this information, which must be given to consumers "in a clear and readable form".

How long is data kept?

Image source, Getty Images
Image caption,
Can you remove your profile from social media?

Data protection laws in Europe suggest that firms should only keep user data "as long as necessary" but the interpretation of this can be very flexible.

In Facebook's case, this means that as long as the person posting something does not delete it, it will remain online indefinitely.

Can you delete historic data?

Users can delete their accounts, which in theory will "kill" all their past posts but Facebook encourages those who wish to take a break from the social network simply to deactivate them, in case they wish to return.

And it must be remembered that a lot of information about you will remain on the platform, from the posts of your friends.

One of the biggest changes of GDPR will be the right for people to be forgotten and, under these changes it should, in theory, be much easier to wipe your social network or other online history from existence.