While Meta’s updated policy and terms of service stick to clarifying the processes used to deliver services, Economic Times has reported that users in India can choose not to agree to the new policy.
Meta’s privacy policies have previously come under the scanner in India; last year, the Competition Commission of India launched a probe of its policy to share certain data from WhatsApp messages with its other services. The Central Bureau of Investigation had also launched a probe into Facebook after the Cambridge Analytica scandal which revealed how sensitive data of millions of users was sold to a data-mining firm that served targeted advertisements to users in order to influence elections.
Key highlights from the policies
Type of data collected: The policy reveals that Meta collects quite a bit of data about its users, not only from their own devices or accounts but also from their friends or relatives’ activities. This includes:
- Content created, liked posts, comments, or audio
- Content provided through Meta’s camera feature, user’s camera roll settings, or through our voice-enabled features.
- Messages sent and received including their content subject to applicable law. “We can’t see the content of end-to-end encrypted messages unless users report them to us for review,” Meta clarified.
- Metadata about content and messages, subject to applicable law
- Types of content viewed or interacted with, and how such interactions take place
- Apps and features used on the platforms
- Purchases or other transactions made on the platforms, including credit card information.
- Hashtags used on the platforms
- Time, frequency, and duration of your activities on Meta’s products
- Data collected from a user’s friends on the platform(s), their contacts, and their activities.
Further, the platforms collect the following device information:
- Device characteristics.
- What a user does on their device, like whether the app is in the foreground or if the mouse is moving (which can help tell humans from bots)
- Identifiers that tell a user’s device apart from other that of other users, including Family Device IDs.
- Signals from the user’s device.
- Information shared by the user through device settings like GPS location, camera access, photos, and related metadata
- Information about the network used to connect to the device, including the IP address.
- Information about Meta’s product performance on the device.
- Information from cookies and similar technologies
According to the policy, this information is used to provide recommendations to its users, conduct research on its products, conduct safety and integrity checks on its platforms, show targetted ads, and so on.
When an account can be removed: In its policy, Meta said that some of the data it collects could be used to ensure that its community standards and terms of service were being followed. Not abiding by such a policy could lead to restriction of accounts or complete suspension.
Some of these guidelines include not posting content that is hateful, misleading, bullying, intellectual property infringing, or conducting actions that could overburden the platforms’ grievance redressal mechanisms (such as reporting a post, user account, appealing decisions, etc). Further, the policy also says that an account could be actioned if it seems like it is compromised.
“We may disable or delete your account if it appears to have been hacked or compromised and we are unable to confirm ownership of the account after a year, or if the account is unused and remains inactive for an extended period of time. Additionally, if you do not confirm your account after registration, we may disable or delete your account after one year of inactivity,” Meta’s policy said.
The policy says that in some cases, the platforms’ decisions could also be reviewed by the Oversight Board.
How long certain data is stored: The policy says that the duration for which data is stored varies by type and function. For example, in the case of disappearing messages on Messenger, the content is deleted after one hour of the message being read. However, if the message is not read, it’s deleted after 14 days.
Further, the policy says that it retains certain information for life such as profile information, photos posted (and security information. However, information related to search histories, information about the device being used, or location information is voluntarily deleted after six months from the search.
- Required by law in that jurisdiction
- Affects users in that jurisdiction
- Consistent with internationally-recognised standards including Meta’s Corporate Human Rights Policy.
Users can now file complaints in their own jurisdictions: The new Terms of Service clarify that complaints can be filed against the platforms by users, in a court in the country of their residence itself.
Other privacy updates
Meta also announced that certain features pertaining to user controls and privacy have been enabled across its platforms:
- Privacy Centre: Meta said that its ‘Privacy Centre’ looks to give users more controls over the kind of data they share, the security of their accounts, etc. Now, it has been rolled out to all its users.
- Consolidating ad topics and controls for better oversight: “Recently, we consolidated the Ad Topics and Interest Categories controls into a single control that can be accessed on Facebook and Instagram, covering a more extensive set of ad topics,” Meta announced.
- Meta says it will publish data on targeted ads from June
- Germany uses new law to double down on Meta
- Meta rescinds request for oversight of Russia-Ukraine policy
Have something to add? Post your comment and gift someone a MediaNama subscription.