Why it matters: It’s been a full two months since Mark Zuckerberg testified before Congress in the wake of the Cambridge Analytica scandal. The Facebook CEO ducked many questions about the social network and its policies, promising instead to follow up with answers at a later date. Now, the company has released a 225-page PDF and a 229-page PDF containing responses to the two senate committees.
One of the most controversial issues is Facebook’s “shadow profiles”—information it collects on non-users from other websites. The company said that it doesn’t create profiles for non-users, "nor do we use browser and app logs for non-Facebook users to show targeted ads from our advertisers to them or otherwise seek to personalize the content they see."
Facebook does admit, however, that it collects data on its users from third-party sites. “When people visit apps or websites that feature our technologies—like the Facebook Like or Comment button—our servers automatically log (i) standard browser or app records of the fact that a particular device or user visited the website or app […] and (ii) any additional information the publisher of the app or website chooses to share with Facebook about the person’s activities on that site (such as the fact that a purchase was made on the site).”
In a question about whether it had a monopoly, Zuckerberg struggled to name any Facebook competitors during the Senate hearing last April. In the written follow-up, Snapchat, YouTube, Twitter, Pinterest, Vimeo, and others are named as rivals, though it’s hard to see any of those as real alternatives.
Explaining what kind of user data it monitors, Facebook writes that it tracks “operations and behaviors” on devices, including “whether a window is foregrounded or backgrounded, or mouse movements (which can help distinguish humans from bots).” It also records every IP address when a user logs into the platform, though these are deleted “according to a retention schedule.”
Facebook also said it was “generally open” to requirements that it informs users of a data breach within 72 hours but added that the situation was complicated in the US due to the lack of a central authority for reporting breaches.
Many of Facebook’s other answers in the documents fail to reveal anything new or are incredibly vague, while others pose more questions than they answer.