Just before the end of the year, Google wrote an email to Privacy International stating that if a user disables "ads personalization" in the device Advertising ID settings, the advertising identifier can not be used to create user profiles for advertising purposes. This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not.
A new study has revealed that the relaying of sensitive information to Facebook is not coming from the dating apps alone.
Frederike Kaltheuner, a Data Exploitation Programme Lead at Privacy International, says researchers do not know how this data is used for people who do not have a Facebook account: "It's not 100 percent clear when we look at Facebook's privacy policies", Kaltheuner told the Daily Dot.
When an app is opened, the data that is initially sent typically includes things like the fact that a Facebook SDK (Software Developer Kit) is running. It found that almost two thirds of apps sent data to Facebook as soon as they were launched - and it made no difference whether a user had a Facebook account, or was logged out of a Facebook account. Despite not knowing the name the other information like religion, gender, health, interests and routine of the user can be determined.
Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 United States presidential election. Facebook could use this data, later on, to serve ads based on some highly specific demographics.
The report from Privacy International points out that a person with a Muslim prayer app, period tracker, Indeed and a children's app could be identified as likely a female, Muslim, job-seeking parent - even if they had never identified themselves as any of those things on Facebook. Some, such as Kayak, the travel site, then sent detailed information about people's flight searches to Facebook, including travel dates, if the user had children and what flights and destinations they had searched for.
While Facebook says that the onus is on app developers to get users to agree that they have the legal right to collect and share personal data, in June the company launched a feature that allows developers to delay collecting data until the user consents. We ensure that these policies are accessible from each page on Facebook, and that users can access and read these policies when they sign up to Facebook or during updates to these policies'.
Further, the report highlights recommendations for users on how to protect their data.
In a story which unfortunately just keeps giving, Facebook has yet again awarded us with a privacy scandal worthy of note.