Case Study: Facebook Privacy Policy

We’ve gone over some information about privacy policies in general, as well as some tips for staying private on social media, so let’s bring it all together in a practical example.  In this lesson, we’ll use Facebook’s privacy policy as a case study to show you what to look for in terms of what’s covered in terms of your privacy while using a website, and what you’ll need to watch out for.  We’ll investigate using the ten key questions from our Privacy Policies article as a guide:

  1. What information do I need to provide to use the website?

  2. Does the website collect or ask for any other non-essential information from me?

  3. Am I allowing the website to collect information from me by simply using it?

  4. Why does the website claim that they are collecting or asking for my information?

  5. Does the website share/sell/trade the information that they collect from me?

  6. With whom does the website share my collected information?

  7. When does the website share my collected information?

  8. How long does the website keep my collected information?

  9. Does the website delete my information, or simply de-personalize it?

  10. Is anyone else allowed to collect my information when I use the website?

Facebook privacy policy: preamble

This is the introduction to Facebook’s “Data Policy”, as they refer to their privacy policy.

Note the highlighted sentence, which says that there are some functions on Facebook that have their own privacy policies and are not covered by this one.  Right off the bat, we’ve answered question #10.

Question #10 answer: YES. There are certain other functions on Facebook that collect your information and are NOT covered by Facebook’s overall privacy policy.

Facebook privacy policy, part 1: Types of collected information

This section of Facebook’s Data Policy concerns what types of information they collect from you.

It doesn’t exactly say what information Facebook needs from you in order to use the website.  However, if you go to Facebook’s home page (assuming that you’re not already signed into Facebook), you will see that it requires:

  • Your first name

  • Your last name

  • Your email address OR phone number

  • Your date of birth

  • Your gender

The rest of this section pretty much deals with the answer to questions #2 and #3.  Some of the more interesting sections are highlighted; for example, Facebook can track your information:

  • When other people (besides you) post it or use it

  • When you access Facebook with a specific device (i.e. it tracks that device’s details)

  • When you aren’t using Facebook itself, but a website owned by or integrated with Facebook

Question #2 answer: YES.  Besides the information that is necessary to use Facebook, the website also collects the following information:

  • Details about content that you post, such as a photo’s location or a file’s date of creation

  • Details on what kinds of content you post or look at most often or for the longest duration

  • Details that others use or post about you (such as when they tag you or look you up)

  • Details on who you connect with, communicate with, or share with the most

  • Billing and address information (if you purchase something on Facebook)

  • Details about the device(s) that you use to access Facebook

  • Details about you from other non-Facebook websites or entities that you interact with

Question #3 answer: YES.  You are allowing Facebook to collect your information when you:

  • Sign up for an account

  • Post or view content

  • Connect with, communicate with, or share with your friends

  • Access Facebook with a certain device (e.g. desktop computer vs. smart phone)

  • Access websites that are integrated or affiliated with Facebook

Facebook privacy policy, part 2: Use of collected information

This part of Facebook’s data policy explains why they need the information that you provide to them, or that they collect from you.

It is interesting to note, in the first highlighted section here, that Facebook wants to know what you’re interested in both “on and off our Services”.  Remember, there are other services on Facebook that collect your information and aren’t covered by the main privacy policy.  Also remember that there are certain websites affiliated or integrated with Facebook where Facebook is allowed to collect your information.

Anyway, this section largely answers question #4.

Question #4 answer: Facebook claims to collect or ask for your information in order to:

  • Run its “Services”

  • Personalize content and make suggestions (i.e. show you some things and not others)

  • Send you marketing communications and show you relevant ads (i.e. targeted advertising)

  • Promote safety and security for the website by verifying accounts and activity

Facebook privacy policy, part 3: Sharing of your collected information

This section deals with who else gets to see any information that you give to Facebook, or that Facebook collects from you.  It’s split into two parts: sharing on Facebook, and sharing with third parties.

Part A: Sharing on Facebook

The first part mainly goes over the fact that you can use privacy controls on Facebook to decide who gets to see your original content.  However, as we have highlighted in the first box here, content that you share with other people whom you know on Facebook can also be shared with people whom they know on Facebook.  This may include some people whom you do not know or whom you did not intend to see your content, so keep that in mind when deciding whether to post something on Facebook or not.

The second part we’ve highlighted is a reminder that, even if you aren’t directly using Facebook, they can still track you if you’re using a website that belongs to — or is integrated with — Facebook.

We’ve also highlighted another part here, since it has been a source of lingering criticism towards Facebook.  Using certain third-party services on Facebook may result in those services being able to access all public information about you on Facebook.  In addition, such services are subject to their own privacy policies, not Facebook’s.  This is something to keep in mind if you want to do things on Facebook such as play games.

The last part we’ve highlighted shows you that Facebook can share your information with any of the other companies that it owns, or that are purchased from Facebook in the future.

Part B: Sharing with third parties

The first section that we’ve pointed out here is a supplementary answer to question #4: Facebook collects your information to sell to advertisers so that you don’t have to bear the cost of running Facebook’s services.

Next, we’ve pointed out that Facebook shares your information with advertisers and analytics companies.  However, it de-personalizes this information and does not share anything that would directly identify you (such as your email address or real name) without your explicit permission.

The last point we’ve highlighted here is that Facebook shares your information with service providers and certain others (such as academic institutions) in order to deliver its services, such as providing customer help, processing payments, and doing research.  All of these partners have to abide by Facebook’s data policy and other confidentiality agreements.

In summary, these two sections deal mostly with questions #4, #5, #6, and #7.

Question #4 update: Facebook claims to collect (and share) your information in order to:

  • Provide their services for free (i.e. they’re supported by advertising)

  • Analyze how well advertisements on Facebook work

  • Provide other functions, such as customer service, payment processing, and research/surveys

Question #5 answer: YES.  Facebook does share the information that they collect from you with others.

Question #6 answer: Facebook shares the information that they collect from you with:

  • Other companies owned by Facebook

  • Companies no longer owned by Facebook, but that help provide Facebook’s services

  • Advertisers and analytics companies

  • Service providers, academic institutions, and others bound by strict confidentiality policies

Question #7 answer: Facebook shares the information that they collect from you with their partners at these times:

  • Only shares personally-identifiable information with advertisers with your explicit permission

  • Shares your public, non-identifiable information with their partners pretty much whenever they want

Question #10 update: YES.  Third-party app developers who make their apps available to use on Facebook can collect your information while you’re on Facebook, but only if you use their apps.

Facebook privacy policy, part 4: Management/deletion of information

This section deals with how long Facebook keeps your information, and what control you have over it.

We’ve pointed out a couple of things here.  First is that Facebook keeps any information that you provide to them (or that they collect from you) until they deem that it is no longer necessary in order for them to provide their services.  In other words, they can keep your information pretty much for as long as they want.

The exception, which is the second thing that we’ve pointed out, is if you delete your account.  This will delete all information that Facebook has on you that was directly contributed by you. 

However, as we have highlighted in the last section, this will not delete any information that other people have shared from your account.  This information is now part of their accounts, not yours.

Anyway, we now have our answers to questions #8 and #9.

Question #8 answer: Facebook keeps all information collected about you for as long as they want to use it to provide their products and services, or until you delete your account.  Also, information shared from your account to other accounts is retained under similar circumstances (i.e. until Facebook no longer wants it, or the account that shared your content is deleted).

Question #9 answer: In addition to de-personalizing information shared with advertisers, analytics firms, and others, Facebook outright deletes any information directly contributed by you when you delete your account.

Facebook privacy policy, part 5: Legal use of collected information

This section deals with how Facebook may use your information in order to comply with national and international laws, or to protect themselves and others from abuse or other criminal activity.

It’s basically a bunch of legal exceptions to how Facebook can collect and share your information, so we’ll update a few of our answers here.

Question #6 update: Facebook may share your information with governments and law enforcement agencies, both national and international.

Question #7 update: Facebook may share your information with governments and law enforcement agencies when:

  • They receive a good-faith legal request, such as a search warrant or court order

  • They believe that it is necessary to prevent fraud or other criminal activity on Facebook

  • They believe that it is necessary to protect themselves or a user from death or bodily harm

Question #9 update: Facebook may keep your information — even if you request its deletion — when:

  • It is the subject of a legal request, such as a search warrant or a court order

  • You are under investigation for criminal activity or other violations of Facebook’s policies

  • Your Facebook account has previously been suspended for violating Facebook’s policies


Well, that’s an overview of the major sections of Facebook’s privacy policy, and an analysis of them using our ten-question framework!  So, do you think that your privacy is in good hands when you use Facebook, or are there certain parts of it that you’re wary about?  We’d love it if you let us know your thoughts in the comments below.

Just to be clear, we’re not trying to scare you off Facebook by telling you all this.  With the exception of the most intentionally privacy-conscious websites out there, many services on the Internet — especially social networks — have similar privacy policies.  We are simply trying to make you aware of how your information is tracked, collected, and used on Facebook within a framework that is a bit easier to digest than reading a lengthy legal document word-for-word.

Also, there are some tips and tricks in the other articles in this course that may help keep you more private on Facebook by interfering with how Facebook tracks and collects information about your activity (and don’t worry; it’s all perfectly legal).  Have a look!