7 Controversial Ways Facebook Has Used Your Data

6 minute read

Facebook just turned 10 years old, capping an extraordinary decade of growth in users and revenue. But along the way, the company has frustrated members more than once with its byzantine privacy policies and unwanted surprises nestled in its terms of service. The company tries to walk a tightrope between offering users a private space to converse with their friends and feeding businesses as much user data as they can in order to serve them effective ads. More than occasionally, the balance tips in the favor of business. The Federal Trade Commission even slapped the company on the wrist with regular privacy audits for 20 years because it “deceived consumers” with its privacy promises.

Here’s a look back at some of the most surprising things Facebook’s policies have allowed it to do with your data in the past. Some of these policies have been scrapped, while others are still in effect.

1. Keeping Your Data Forever, Even If You Leave

In the olden days, when Facebook was still tussling with MySpace, there was no simple way to delete your Facebook account. Sure, you could deactivate it, but the only way to wipe yourself from the social network’s database was to delete all the content you’d ever posted—by hand—and then email Facebook, sometimes several times, requesting an account deletion (Facebook added a straightforward account deletion option in 2010).

The simmering gripes over this policy sparked into a huge controversy in 2009, when Facebook changed its terms of service to remove a clause that promised that the company could not use your content if you deleted it. Facebook initially said people misunderstood the intent of the change, arguing that it was necessary to keep a user’s message to another available even if they left the service. But the company eventually reverted to its old terms and vowed to allow users to vote on future policy changes.

Some forms of interaction on Facebook, like sending another user a message or posting in a group, are still retained by the company indefinitely even if you delete your account.

2. Telling Your Friends What You Buy Online

One of Facebook’s first controversial moves was an ad platform called Beacon, through which companies like Travelocity and Fandango could automatically post items to users’ feeds indicating that they had bought products on their websites. Eventually Facebook added an opt-out option, but users complained that it was difficult to find. The program was eventually scrapped and Facebook paid $9.5 million to settle a class-action lawsuit brought by disgruntled users. Mark Zuckerberg himself called Beacon a mistake in 2011. But it was in some ways reborn as Facebook Connect, a more transparent platform through which users can use their Facebook accounts to perform actions on other websites.

3. Tracking Your Movements Across the Web

Facebook keeps a running log of your movements across a vast number of websites for 90 days, whether you are logged into the service or not. The company uses cookies to log data such as the date, time, URL, and your IP address whenever you visit a site that has a Facebook plug-in, such as a “Like” button. In a help section on its website, Facebook says this data is used to “show you a personalized experience on that site, to help maintain and improve our service, and to protect both you and Facebook from malicious activity.”

4. Using Your ‘Likes’ In Ads

Facebook got in legal trouble for its “Sponsored Story” ad format in 2011 because the social network was using members’ names and photos in ads for products they liked but not compensating them. This had some rather hilarious consequences, like a guy accidentally becoming a spokesman for a 55-gallon drum of lubricant. But it also angered some people enough to file a class-action lawsuit on behalf of the millions of users whose names appeared in ads without their consent. Facebook eventually paid $20 million in a settlement and scrapped the Sponsored Story ad unit.

5. Forcing You to Make Your Data Searchable

People have always been able to find other users if they Facebook-stalk hard enough, but the company recently removed a feature that allowed users to remove their profiles from search results. Over the years Facebook has also slowly increased the amount of user data that is required to be publicly viewable. Currently, a users’ name, profile picture, cover photo, networks, and gender are public information.

6. Using Facial Recognition Software to Spot You in Photos

Back in 2010 Facebook began experimenting with a new feature that combed through tagged photos in the social network’s vast database in order to help users automatically tag their friends in new uploads. The feature was met with backlash, as users worried about having their facial maps logged on Facebook servers. European regulators asked the company to remove the feature in 2012, and Facebook eventually took it offline worldwide to work on some “technical improvements.” But the feature returned in the U.S. in 2013 and was expanded to include users’ profile pictures in addition to photos they are tagged in. Currently Facebook is working with the U.S. Department of Commerce to draft a voluntary code of conduct on how to use facial recognition software.

7. Giving Your Data to the Government

Unlike companies like Google and Twitter, Facebook has historically declined to publish transparency reports outlining how often law enforcement agencies request access to user data. That all changed after disclosures from Edward Snowden revealed that the National Security Agency was compelling a variety of tech companies, including Facebook, to hand over user information under the Foreign Surveillance Intelligence Act. Facebook pushed back against initial reports that the NSA had unfettered access to their trove of user data, and has been lobbying with other tech giants for the freedom to publish more info about FISA court orders for user data. This week the company got its wish and was able to reveal some data about NSA requests, though the government won’t allow precise numbers to be disclosed (the number of users being targeted through disclosed FISA requests is small). Facebook has vowed to push for further transparency regarding government access of data.

More Must-Reads from TIME

Contact us at letters@time.com