Facebook has revealed in a letter sent to U.S. senators that it can locate users even if they opt-out of having location tracking turned on.
The social media company’s deputy chief privacy officer, Rob Sherman, made the disclosure in a letter to senators Christopher Coons (D-Del.) and Josh Hawley (R-Mo.) after they asked about the company’s policies on location tracking.
In it, he explained that even if Facebook users turn off the location settings in their app, the company can piece together various bits of information, such as tagged photos, check-ins, and IP addresses, to determine where the individual is.
“Even if someone does not enable Location Services, Facebook may still understand information about their location based on information that they and others provide through their activities and connections on our services,” Sherman wrote.
“For example, if someone responds to an event on Facebook for a local music festival, uploads a location-tagged post, or gets tagged by a friend in a check-in at a restaurant, these actions would give information about that person’s likely location.
“Similarly, a person might share where they live by setting a location in “marketplace” or adding their address to their profile.”
Sherman went on to explain that Facebook also receives IP addresses and “other network information” when people’s devices connect to Facebook servers.
“Every device connected to the internet is assigned an IP address that identifies its particular connection to the internet … that address identifies where the device is on the internet,” he wrote.
However, he noted that this kind of location sharing could often be inaccurate.
In his letter, Sherman said that Facebook tracks user’s whereabouts to help it and other internet firms protect accounts by detecting suspicious sign-in activities, to help improve targeted ads, and to prevent false news from spreading.
He added that Facebook uses a “centralized engineering team” to handle people’s location-relation information “consistently, responsibly and in conformance with people’s choices.”
Following the letter, both Coons and Hawley criticized Facebook for continuing to make money off of personal information to create targeted services, particularly when the users have explicitly stated they do not want Facebook to have said information.
Others, among them Republican Senator Josh Hawley, called for Congress to intervene over the potential violation of privacy.
“There is no opting out. No control over your personal information. That’s Big Tech. And that’s why Congress needs to take action,” Hawley wrote on Twitter.
CNBC reports that Hawley issued a follow-up statement to the letter, in which he said that while he appreciates Facebook attempts to inform users about their privacy choices, he is concerned that those efforts are “insufficient and even misleading in light of how Facebook is actually treating user data.”
“In their response to our letter, Facebook confirmed that there is no way for users to prevent Facebook from using their location and serving them ads based on that information, even when location access has been turned off.
Facebook claims that users are in control of their privacy, but in reality, users are not given an option to stop Facebook from collecting and monetizing their location information. The American people deserve to know how tech companies use their data, and I will continue working to find solutions to protect Americans’ sensitive information.”
It comes after Australia last week said it will be putting pressure on Facebook to ensure they are not abusing their market power to dominate the country’s advertising market unfairly.
The company is among other tech giants, including Google, to be a part of an inquiry by the competition watchdog, the Australian Competition and Consumer Commission (ACCC), to investigate the impact of digital platforms on competition in the media and advertising sectors in Australia, focusing in particular on the implications for news and journalism.
Meanwhile, Facebook recently said that it is ready for a data privacy law which will go into effect in its home state of California at the start of next year, AFP reports.
The California Consumer Privacy Act (CCPA), which was passed on June 28, 2018, will give internet users the right to see what data big tech companies collect and with whom it is shared.