Every day, tens of millions of people post remarkably intimate details about their lives on Facebook. And yet the operators of the online social network say they still don’t know enough about their subscribers.
So Facebook is purchasing even more information on its members from data brokers — companies that collect huge amounts of sensitive information about the everyday activities of millions of Americans. Facebook will use the data, as well as information provided voluntarily by members, to target them with more relevant — and profitable — advertisements.
“We think that serving the right ads to the right people creates a better user experience on Facebook,” said a company spokeswoman Elisabeth Diana.
But privacy activists are alarmed by Facebook’s trafficking in so much sensitive data.
The Electronic Privacy Information Center, an online privacy watchdog, has urged the Federal Trade Commission to investigate Facebook’s use of such data, fearing it might violate an FTC consent order that required Facebook to toughen its protections for user privacy.
Originally, Facebook partnered with a single data broker, Colorado-based Datalogix, which resells customer information obtained from retailers. In late February, Facebook said it would also obtain data from three more providers: Acxiom Corp. in Little Rock, Ark., Epsilon of Dallas, and BlueKai Inc., of Cupertino, Calif.
In response, another Internet activist group, the Electronic Frontier Foundation,published guidelines for consumers to make it more difficult for Facebook and its business partners to keep tabs on their activities.
Facebook users have sometimes responded angrily when the company changes policies on personal information. But the deals with data brokers have elicited little protest.
Diana said that when a person’s Facebook data are combined with, say, a retail shopping history or financial records, the combined history is “anonymized,” so that an advertiser won’t know the person’s identity.
Diana said Facebook is not interested in pinpointing individual users, but rather in trying to identify groups of consumers with shared tastes and interests. Combining Facebook data with shopping records from Epsilon, for instance, might identify fortysomething males who buy cholesterol medications and Lee Child thrillers. With that, Facebook can present ads for pharmaceuticals and crime novels to just the right group of users, instead of also broadcasting them to teenagers with a taste for the Twilight books.
“We’re trying to provide people with a better ad experience,” Diana said. “We think we can do this in a way that protects user privacy.”
Still, the new policy underscores how difficult it is for consumers to restrict access to their personal data — online or offline.
When a consumer visits an Internet retailer, it’s likely that the company uses software from BlueKai to record the transaction. When the same consumer goes to a brick-and-mortar supermarket and uses a loyalty card to earn discounts, he is also giving Epsilon or some other company permission to track his purchases.
All this information can be sold by the data brokers to just about anybody.
Sarah Downey, a privacy analyst and attorney at Abine Inc., a Boston maker of privacy-protection software, said consumers can take steps to limit online data collection. Her company makes DoNotTrackMe, a free program that blocks tracking programs.
Under development is MaskMe, a program that generates an e-mail alias so a person can sign up for services without using his or her real e-mail address. Many data brokers and online sites use e-mail addresses as the main identifier of consumers, so using a different alias with each company makes it harder for them to combine their databases.
In addition, people can directly contact the brokers — Acxiom, Datalogix, Epsilon, and BlueKai — and ask not to be tracked. But the process is tedious and time-consuming, and there are always other businesses offering attractive services or tempting discounts in exchange for personal information.
Hiawatha Bray can be reached at firstname.lastname@example.org.