Facebook Messenger: Privacy and information Sharing Overview.

Facebook messenger adheres to the data policy of Facebook.

What are the kinds of information collected by Facebook from the user?

1. There is certain information that the user provides to Facebook while using the service, such as:

  • The content, such as the location of a photo or the date a file was created, communications (messages) and some other information user provides while signing up for their messenger account.
  • The people, accounts and groups that the user is connected to and how the user interacts with them.
  • Any uploads made or imported from the user’s device such as address book or call logs or SMS log history.
  • User’s usage of the messenger service.
  • Device information such as the computers, phones, connected TV’s and other web-connected devices that the user use for integrating with the service. Such information includes the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins, Identifiers, Operations on the device, device signals, GPS location, camera, photos, IP address, connection speed, mobile phone number, cookie data etc.

2. Information provided by Facebook partners:

The information that these partners collect from the user and provide to Facebook are:

  • User’s activities off Facebook.
  • Partners receive users’ data when users visit or use their services, or through third parties that they work with.  

Facebook mandate each of their partners to have lawful rights to collect, use and share users’ data before providing any data to Facebook.

For the partners to collect such data, it is not necessary for the user to have a Facebook account or is logged in to Facebook. For example, a game developer could use facebook’s API to tell Facebook what games user’s play, or a business could tell Facebook about a purchase user made in its shop.             

Facebook also receive information about users’ online and offline actions and purchases from third-party data providers who have the right to provide Facebook with users’ information.

These partners include Advertisers, App developers and publishers. They can send information to Facebook through Facebook business tools  that they use, including facebook’s social plug-ins (such as the Like button),

How does Facebook messenger use the information collected by them from the user?

Facebook says that they use the information to provide and support their service.

  • To Provide, personalise and improve their Products: Such as ads.
  • To Provide measurement, analytics and other business services.
  • Promote safety, integrity and security of the service: For instance: To investigate suspicious activity or breaches of their Terms or Policies, or to detect when someone needs help.
  • Communicate with the user: To send marketing communications to the user, communicate with the user about their Products and inform them about their Policies and Terms.
  • Research and innovate for social good: To conduct and support research and innovation on topics of general social welfare, technological advancement, public interest, health and well-being.

To whom and how does Facebook messenger share the information of the user?

With the other user: Information about the active status of a user on the service. People in users’ networks can see signals telling them whether they are active on messenger.

Apps, websites and third-party integrations: When the user shares or uses any websites, apps or third-party products while using messenger. They can receive information about the user while using these platforms. Information collected by these third party services is used according to their terms and policies.

With the new owner: In case when ownership or control of the product is transferred. Facebook may transfer the user’s information to the new owner.

Sharing with third-party partners: Facebook works with third-party partners who help them to improve their business. Facebook mentions that they don’t sell any of the user’s information to anyone. They tend to impose strict restrictions on how their partners use and disclose the data provided by the user.

The third parties are Advertisers, Measurement Partners, Vendors and service providers, Researchers and academics, law enforcement or legal request.

Which law enforcing situations does Facebook responds to?

Facebook access, preserve and share user’s information with the law regulators, law enforcement or in the below-mentioned situations:

  • In response to a legal request:  Such legal requests can be in the form of a search warrant, court order or subpoena. If Facebook has a good faith belief that the law requires them to do so. These legal requests may include responding to legal requests from jurisdictions outside of the United States. In the cases when Facebook has a good-faith belief that such response is required by law in that jurisdiction. The reason being such response affects users in that jurisdiction and is consistent with internationally recognized standards as well.

  • In good faith: When Facebook has a good-faith belief that such a response is necessary:

  • To detect, prevent and address fraud and unauthorized use of their services.

  • Prevent breaches of their Terms or Policies, or other harmful or illegal activity or to protect themselves. Including their rights, property or Products.

  • As part of investigations or regulatory enquiries.

  • To prevent death or imminent bodily harm.

All the information received by Facebook of the user can be accessed and preserved for an extended period in case of a legal request or obligation, governmental investigation or any investigation happening on the violation of their terms and policies or otherwise to prevent harm.

*Facebook also retains information from disabled accounts, in case of term breaches for at least a year to prevent repeat abuse or other term breaches.

Facebook has received total 173,592 requests in the duration of Jan-Jun 2020. Out of which in 72.8% of the requests data was produced.

Government requests for user data, Transparency Report.

Does Facebook report data on U.S. national security requests?

Facebook says that they report U.S. national security data requests. This includes a breakdown of foreign intelligence surveillance act orders (FISA requests are reported in 6 months), including content and non-content information of the accounts and the national security letters.

In the United States, Facebook has received 61,528 requests, out of which in 88% cases data was produced.

United States, Transparency Report ( Jan-Jul 2020)

These requests break into:

  • Facebook received 35, 856 requests through Search warrants out of which in 89 % of cases, data was produced.
  • Facebook received 10, 245 requests through Subpoena, out of which in 85% of cases data was produced.
  • Facebook received 305 requests through Title III, out of which in 97% of cases data was produced.
  • Facebook received 8,314 requests through Pen Register / Trap & Trace, out of which in 94% of cases data was produced.
  • Facebook received 1,050 requests through Court Order: 18 USC 2703(d) (A court order issued by a judge or magistrate based on a finding that there are specific and articulable facts showing that the information requested is relevant and material to an ongoing criminal investigation), out of which in 89% cases data was produced.
  • Facebook received 2,140 requests through Court Order: Others (Includes orders issued by a judge for law enforcement purposes that are not included in other reporting categories), out of which in 92% of cases data was produced.

Do Facebook receive requests through the Mutual Legal Assistance Treaty (MLAT)?

Facebook mentions that they receive requests through MLAT. It is a formal mechanism for the countries to cooperate in criminal cases. Countries that have an MLAT signed with the United States can use this way to seek data from Facebook.

How many Legal requests were made to Facebook from India?

Total requests 35,560, out of which in 50% cases data was produced.

Country Overview India, Transparency Report (Jan-Jun 2020).

Facebook also restricts content based on local law. Such restrictions are made in the country or region where any content is alleged to be illegal.

One of the instances of such restriction is India.

Facebook also restricted access to content in India in response to legal requests from law enforcement agencies, court orders, and the Ministry of Electronics and Information Technology.

(a) In the duration of Jan – Jun 2020, Facebook restricted access in India to 681 items in response to directions from the Ministry of Electronics and Information Technology for violating Section 69A of the Information Technology Act, 2000. This included content against the security of the state and public order. Out of these items, 9 were restricted temporarily. Facebook also restricted access to 143 items in response to private reports of defamation.

(b) In the duration of Jul – Dec 2019, the restricted Content was alleged to violate Indian laws on the grounds listed under Section 69A of the Information Technology Act, 2000. The categories were hate speech, anti-religion content constituting incitement to violence, defamation, extremism, anti-government, and anti-state content. Facebook also restricted access to 358 items in response to private reports of defamation.

(c) In the duration of Jan – Jun 2019, Content restricted was alleged to violate Indian laws on the grounds listed under Section 69A of the Information Technology Act, 2000. The primary categories were hate speech, anti-religion content constituting incitement to violence, defamation, extremism, anti-government, and anti-state content. Facebook also restricted access to 217 items in response to private reports related to defamation.

Facebook also temporarily restricted access to 448 items in response to reports received from the Elections Commission of India alleging that the content was subject to election blackout periods. Access to this content was restored after the election period.

(d) In the duration of Jul-Dec 2018, Content restricted was alleged to violate Indian laws on the grounds listed under Section 69A of the Information Technology Act, 2000. The primary categories were hate speech, anti-religion content constituting incitement to violence, extremism, and anti-state content.

  • Around 16,600 items were restricted based on a Delhi High Court order regarding claims made about PepsiCo products.

  • Facebook restricted a further 29 items in response to other court orders related to defamation.

(e) In the duration of Jan -Jun 2018, the majority of the content restricted was alleged to violate Indian laws relating to anti-religion content, anti-state content, and hate speech.

  • Facebook also restricted access to 252 items in response to court orders related to defamation.

(g) In the duration of Jan-Dec 2017, the majority of content restricted was alleged to violate local laws relating to defamation of religion and hate speech, and defamation of the state.

(h) In the duration of July-Dec 2016, the majority of content restricted was alleged to violate local laws against anti-religious speech, hate speech, and disrespect of national symbols.

(i) In the duration of Jan-Jun 2016, the majority of content restricted was alleged to violate local laws against anti-religious speech and hate speech.

In 2016, the Supreme Court of India amended the proper interpretation of the Information Technology Act, 2000. After being informed by the decision of the supreme court, Facebook ceased acting upon the legal requests to remove access to content unless it is received by the way of binding order of the court or notification of the authorized agency confirming to the constitutional safeguards as directed by the Supreme Court.

Shreya Singhal v. Union of India AIR 2015 SC 1523

(l) In the duration of Jan-Dec 2015, the majority of the content was restricted under local laws against anti-religious and hate speech that could cause unrest and disharmony within India.

Facebook also restricted access to content in categories these agencies identified as illegal that has been brought to the attention of Facebook by non-government entities, such as NGOs and members of the Facebook community.

(n) In the duration of Jan-Dec 2014, the majority of the content was restricted under local laws against anti-religious and hate speech that could cause unrest and disharmony within India.

How long does Facebook store users’ data?

Facebook stores data, until it is no longer necessary to provide their services or the user’s account, is deleted, whichever comes first. Such storage depends upon case to case, such as, why the data was collected, processed, its legal and operational retention needs. For Instance: A copy of the user’s government-issued ID for account verification purposes is deleted 30 days after the review unless stated otherwise.

What legal frameworks apply while the operation and transfer of data globally?

User’s information may, be transferred or transmitted to, or stored and processed in the United States or other countries.

Facebook utilises standard contract clauses, and rely on the European Commission’s adequacy decisions about certain countries. Facebook obtains users’ consent for these data transfers to the United States and other countries.

Do Facebook companies transfer users’ information amongst their companies?

Facebook mentions that it transfers users’ information across Facebook Companies for the purposes which are permitted by the applicable law and in compliance with their Terms and Policies. For Instance: Facebook process information from WhatsApp about accounts sending spam on its service so that they can take appropriate action against those accounts on Facebook, Instagram or Messenger.

Which legal framework does Facebook adhere to regarding the collection and processing of personal data from their advertisers, customers or business partners in the European Union and, Switzerland?

Facebook has certified to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework with the US Department of Commerce.

Facebook uses the personal data provided by its Partners to provide Partner Services. In accordance with the terms applicable to the relevant Partner Service.

Can Facebook transfer the user’s data to third parties under privacy shield principles?  

Facebook is liable for any processing of personal data by such third parties which is inconsistent with the Privacy Shield Principles. Unless Facebook was not responsible for it. Other such situations are:

  • Legal requests:  Personal data transferred to Facebook by its Partners is subject to disclosure in case of legal requests or other judicial and government processes.
  • Law Enforcement agencies:  Facebook’s compliance with the Privacy Shield Principles makes it subject to the investigatory and enforcement powers of the US Federal Trade Commission.

REFERENCES

Disclaimer: “Vestralex assumes no responsibility or liability for any errors or omissions in the content of this Article. The information contained in this article is provided on an “as is” basis as sourced with no guarantees of completeness, accuracy, usefulness or timeliness. This article contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. This article and the information contained herein is not intended to be a source of advice or analysis with respect to the material presented, and the information and/or documents contained in this article do not constitute advice. All copyrights and trademarks contained herein are properties of their respective owners, any representation of such rights and marks is purely for informational purposes only. This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.”

Vestralex Winter Internship Program

Vestralex Winter Internship Program (VWIP) is an initiative undertaken by Vestralex to help raise legal literacy and general awareness about practices and procedures in law through intern participation and content  creation

Picture of Hemani Khadai

Hemani Khadai

An Advocate endorsing enlightenment. Imparting Digital literacy. Contemporary areas cover Privacy of Data and information on social media platforms.
All Posts

Leave a Replay

NOTICE BOARD

COMMUNITY CLASSES

Register here!

Community Volunteer

Get a unique chance to learn and grow by volunteering with Team Vestralex.
Click Here
Volunteer
PARTICIPANT TALK
Nilesh D Sharma
Nilesh D SharmaAdvocate - Pune
Read More
Both the Speaker's are Excellent. Thanks for arranging such a Good and Knowledgeable Webinar. Looking forward to attend many more. Thanks and Regards.
Bharatha Lakshmi
Bharatha LakshmiAdvocate - Andhra Pradesh
Read More
Excellent..,..we r very much blessed to share about a international law also
Tanvi Pandey
Tanvi PandeyStudent
Read More
Very interactive sessions. Thank you for providing us all a platform to learn, grow and connect.
Harshal Modekar
Harshal ModekarAdvocate - Mumbai
Read More
Both the lecture were very much informative and I've learner multiple things in practical after attending lecture.
Ishani Chauhan
Ishani ChauhanStudent
Read More
The session was very interesting and very informative. I have learnt a lot of thing's from the lecture.... would love to attend more lectures on what is crime and who's the criminal
Shweta Kumari
Shweta KumariStudent
Read More
Today's class was interesting. Sir has really been a motivation for me as am also a first generation law student and will be a lawyer too in future.
Previous
Next
STAY IN TOUCH
Facebook-f Twitter Instagram Linkedin Youtube

Subscribe to Our Newsletter!

vestralex © 2017-24 All rights reserved

acta - non - verba

Success!

Thank you for subscribing to the Vestralex newsletter!