December 13, 2011, 2:02PM
Twenty Something Asks Facebook For His File And Gets It - All 1,200 Pages
56 CommentsBe careful of what you ask for. That's a lesson that Max Schrems of Vienna, Austria, learned the hard way when he sent a formal request to Facebook citing European law and asking for a copy of every piece of personal information that the world’s largest social network had collected on him.
After a wait, the 24 year-old law student got what he was seeking: a CD with all his data stored on it - 1,222 files in all. The collection of PDF format documents was roughly the length Leo Tolstoy's War and Peace but told a more mundane story: a record of Schrems' years-long relationship with the world's largest social network.
Collected together were records of when Schrems logged in and out of the social network, the times and content of sent and received messages and an accounting of every person and thing he’s ever liked, posted, poked, friended or recorded. The archive captured friend requests, former or alternative names and email addresses, employment and relationship statuses and photos, in some cases with their GPS locations included, to name a few. To Schrems' dismay, much of the data he received from the network was information he thought he had deleted. Facebook, it seems, doesn't think much of the Delete key and continued to hold copies of the data on its servers.
Editor's Pick
The social network provides all its users with a feature for downloading their personal data. However, EU Directive 95/46/EC (PDF), which gives persons the "right of access to data relating to him" in order to verify the accuracy of that data and the lawfulness of how it is being used.
Schrems’ experience has inspired a legal project he’s working on called Europe vs. Facebook to increase transparency on Facebook, make opt-in data access the default (instead of opt-out) and to encourage data-minimization on the network.
Though EU privacy laws are generally more stiff than those in the U.S., Facebook is under pressure at home as well as abroad. The FTC proposed a settlement in late November requiring the site to take the privacy of its users more seriously by subjecting itself biennial privacy audits.
Also, the U.S. House Subcommittee on Oversight and Investigations and the Congressional Bipartisan Privacy Caucus recently wrote a letter [PDF] to Facebook founder and CEO, Mark Zuckerberg. The letter seeks to find out more about Facebook’s information collection and archiving practices of users and non-users, whether or not there is an opt-out option for all data collection, and why Facebook’s privacy policy has expanded from just over 1,000 words in 2005 to its present incarnation of almost 6,000 words among other things.
So how much data is Facebook collecting on you? To help laypeople understand, the Web site Taz.de has taken Schrems' data and visualized in different ways. You can find them here.You can find a list of the groups of data disclosed to Schrems by Facebook here.
Commenting on this Article is closed.
Today's Most Popular
- Yahoo Includes Private Key in Source File For Axis Chrome Extension
- FBI Warns Top Firms Of Anonymous Protest Hacks on May 25
- Researchers Unveil New Way to Trust Certificates
- DNSChanger Lingers: 330k Systems Still Infected, 77,000 In The U.S.
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
Most Commented Stories
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
22%
Only connect to password-protected, secure connections
38%
Only use websites with HTTPS
28%
I don’t pay attention to how I access the internet while traveling
13%
Total votes: 72
Follow Threatpost
 |  |  |  |
| Tumblr |
Comments
What is such a hard way about getting a CD with PDF's on it ? I'm not sure what the lesson is, he asked for it, he got it..
It tells you just how facebook knows everything about you. Would you want facebook to know EVERYTHING there is to know about you? Too personal if you ask me. It kills the privacy that people once had.
What's the story here? He asked for his data and he got it. So what?
How is this news?
I fail to see how details regarding how individuals' private data being kept/used is ever not news.
The story is what was received and not that the request was fulfilled...
Because Schrems ikntended and believed it had deleted it . Please read the article in full. Hugh.
it was A LOT of data
"However, EU Directive 95/46/EC (PDF), which gives persons the "right of access to data relating to him" in order to verify the accuracy of that data and the lawfulness of how it is being used." However what? And why doesn't the standard data download comply with the law?
"What's the story here? He asked for his data and he got it. So what?"
Did you even read the story???
...1,222 pages???
...FB knows every little thing about EVERYONE he's ever contacted!!
...He had deleted info and FB didn't actually delete it.
...Exact times that he's logged in and out.
...GPS locations.
FB knows more about you than God does!!!!!!!!!
That would be because Facebook actually exists.
LOL
:)
It is common practice not to delete informations about user activities from database - instead flag named 'deleted' is set to 'true' (or 1). It is done this way to keep databases consistant when 'it specialist' does not realy know how to program db or speed concerns are top priority.
Never use social networks with your real name/surname. Never install their software on cell phones. Never ever upload any pictures to those services (face recognition software is scary).
PS.
Remember... they are watching your every step... I need to run before they catch me XD.
let me go get that tinfoil hat for you, just a sec
It is a big deal. You will see. The future has a way of creepig up o you.
Ummm.... do you people realize that using facebook is not a requirement or a right?... If you don't like that facebook tracks all this sh*t, the solution is easy, don't use facebook. Problem solved.
no, that is not the solution.... facebook also gathers information of non facebookers
The problem is that even if I don't use FB, my friends might. They can post photos I am in and tag me, answer quiz questions about me, and mention me in messages. Not using FB does not necessarily keep your personal data out of its servers.
Awesome answer
Sure. Don't use it if you never have. That doesn't really help if you have used it and have since thought the better of it and canceled? Kind of important to know whether your personal data still exists on their servers.
A voice of reason....thought this was pretty much lost in today's world. Never had a FB account and never will....the rest are just sheep to the slaughter
Isn't the key word to why this is not a problem - "consent"?
By getting a facebook account you also agree to your data being registered?
You read their agreement and agree to open an account, with the good and bad that that brings
In regards to the friend with my e-mail adress - I suppose that entierly different though, you don't generally store or keep a lot of e-mail adresses in facebook, it's no address book as such...
is there a way to completely delete all personal information off facebook?
The problem is about DELETING. He asked FB to delete things, yet it is listed still in the 1'200 pages. When you delete something you want it deleted permanently and not just "mark as deleted". Deleted things (posts, mails, chats ...) shouldn't be in those pages! In the USA it's maybe ok (different laws). In Europe it's not!
It looks like there is no way to delete things permanently, FB makes you believe it, but it's not true, as you can see in the exemple.
It gets deleted from the GUI, but they will keep this data stored in their database. Eventually they will archive it. However, it will always be there. I'm not sure why this is so shocking. It's no different than how companies manage their databases and old data/tables. They typically archive, not delete. Once deleted, it's gone forever. Legally, this is a good way to "cover your ass".