These stem partly from the company's revenue model that involves selling information collected about its users for many things including advertisement targeting.
In September 2024, the Federal Trade Commission released a report summarizing 9 company responses (including from Facebook) to orders made by the agency pursuant to Section 6(b) of the Federal Trade Commission Act of 1914 to provide information about user and non-user data collection (including of children and teenagers) and data use by the companies that found that the companies' user and non-user data practices put individuals vulnerable to identity theft, stalking, unlawful discrimination, emotional distress and mental health issues, social stigma, and reputational harm.
A visitor to the site copied, published and later removed the code from his web forum, claiming he had been served and threatened with legal notice by Facebook.
A Facebook representative explained to a student from the University of British Columbia that users had to clear their own accounts by manually deleting all of the content including wall posts, friends, and groups.
[28] In July 2007 Adrienne Felt, an undergraduate student at the University of Virginia, discovered a cross-site scripting (XSS) hole in the Facebook Platform that could inject JavaScript into profiles.
[35] Facebook enabled an automatic facial recognition feature in June 2011, called "Tag Suggestions", a product of a research project named "DeepFace".
National Journal Daily claims "Facebook is facing new scrutiny over its decision to automatically turn on a new facial recognition feature aimed at helping users identify their friends in photos".
[38][40] Naomi Lachance stated in a web blog for NPR, All Tech Considered, that Facebook's facial recognition is right 98% of the time compared to the FBI's 85% out of 50 people.
[47] In early November 2015 Facebook was ordered by the Belgian Privacy Commissioner to cease tracking non-users, citing European laws, or risk fines of up to £250,000 per day.
[67] In December 2020, the German Federal Cartel Office (Bundeskartellamt) launched an antitrust investigation into Facebook's mandatory integration of its social networking platform with its virtual reality products.
Ars Technica noted that the new terms of service and privacy policies associated with Meta account system could allow enforcement of a real name policy (stating that users would be obligated to provide "accurate and up to date information (including registration information), which may include providing personal data", and still allowed for "rampant" use of user data by Meta, especially if linked with other Facebook apps.
This information had been previously leaked through a feature allowing users to find each other by phone number, which Facebook fixed to prevent this abuse in September 2019.
[72] The Irish Data Protection Commission, which has jurisdiction over Facebook due to the location of its EU headquarters, then opened an investigation into the breach as a possible violation of GDPR.
[73] There have been allegations by some users that Facebook's mobile app is capable of listening to conversations without consent, citing instances of the service displaying advertisements for products that they had only spoken about, and had otherwise had no prior interactions with.
The company also stated that it had recently suspended human reviews after scrutiny over Amazon, Apple, and Google's use of similar practices for their voice assistant platforms.
[76] Since then, Facebook has bolstered security protection for users, responding: "We've built numerous defenses to combat phishing and malware, including complex automated systems that work behind the scenes to detect and flag Facebook accounts that are likely to be compromised (based on anomalous activity like lots of messages sent in a short period of time, or messages with links that are known to be bad).
[21][non-primary source needed] In the United Kingdom the Trades Union Congress (TUC) has encouraged employers to allow their staff to access Facebook and other social-networking sites from work, provided they proceed with caution.
[80] Concerns were also raised on the BBC's Watchdog program in October 2007 when Facebook was shown to be an easy way to collect an individual's personal information to facilitate identity theft.
[85][86][87] Criticism of this practice emerged in 2018, when Facebook began to advertise the Onavo Protect VPN within its main app on iOS devices in the United States.
[94][95] On January 30, 2019 Apple temporarily revoked Facebook's Enterprise Developer Program certificates for one day, which caused all of the company's internal iOS apps to become inoperable.
[99][100] In 2010 the Wall Street Journal found that many of Facebook's top-rated apps—including apps from Zynga and Lolapps—were transmitting identifying information to "dozens of advertising and Internet tracking companies" like RapLeaf.
[103][104] In 2009 and 2010 the fact that Facebook was not requiring connections to use HTTPS other than at login meant that a routing glitch at AT&T caused cookie to end up on the wrong users' phones.
[109] Following the revelations of the breach, several public figures, including industrialist Elon Musk and WhatsApp cofounder Brian Acton, announced that they were deleting their Facebook accounts, using the hashtag "#deletefacebook".
[124] Federal, state, and local investigations have not been restricted to profiles that are publicly available or willingly provided to the government; Facebook has willingly provided information in response to government subpoenas or requests, except with regard to private, unopened inbox messages less than 181 days old, which would require a warrant and a finding of probable cause under federal law under Electronic Communications Privacy Act (ECPA).
[125] Since the U.S. Congress has failed to meaningfully amend the ECPA to protect most communications on social-networking sites such as Facebook, and since the U.S. Supreme Court has largely refused to recognize a Fourth Amendment privacy right to information shared with a third party, no federal statutory or constitutional right prevents the government from issuing requests that amount to fishing expeditions and there is no Facebook privacy policy that forbids the company from handing over private user information that suggests any illegal activity.
[126] In 2022 Nesbraska police charged a teenage girl and her mother after obtaining Facebook messages which allegedly showed that they performed an illegal self-managed medication abortion.
University of Ottawa law students Lisa Feinberg, Harley Finkelstein, and Jordan Eric Plener, initiated the "minefield of privacy invasion" suit.
[142] Other politicians reportedly lobbied by Facebook in relation to privacy protection laws included George Osborne (then Chancellor of the Exchequer), Pranab Mukherjee (then President of India), and Michel Barnier.
[150] On January 23, 2006 The Chronicle of Higher Education continued an ongoing national debate on social networks with an opinion piece written by Michael Bugeja, director of the Journalism school at Iowa State University, entitled "Facing the Facebook".
This policy is in compliance with a United States law, the 1998 Children's Online Privacy Protection Act, which requires minors aged under 13 to gain explicit parental consent to access commercial websites.