Facebook emails show us again that profits come before privacy

Is anyone surprised?

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read

Facebook CEO Mark Zuckerberg addresses data privacy at the company's annual developer conference in 2018.

James Martin

Facebook thought your data had a specific dollar value, despite the fact that the company says it never directly sells your personal information. 

That's what documents released by the UK Parliament on Wednesday appear to reveal, muddying Facebook's frequent claim that it simply uses your data to sell advertisements.

Facebook has responded in a statement reiterating that it has never sold access to user data. Privacy experts aren't having it. 

"Facebook considers advertisers and developers its customers, not its users," said Fatemeh Khatibloo, an analyst at Forrester who focuses on user privacy. "User privacy and transparency will always take a backseat to platform monetization."

It's one more reason to remember that your privacy isn't the first priority of tech companies. Instead, profits come first. That shouldn't be a surprise to anyone anymore. It's been staring us in the face for ages.

Forget the fact that Facebook already underwent a catastrophic privacy crisis earlier this year when reports revealed data on 87 million Facebook users wound up in the hands of political consultancy Cambridge Analytica. Top tech execs have been telling us for nearly two decades that privacy is dead.

It's been almost nine years to the day since Google's then-CEO Eric Schmidt made it clear that tech companies aren't going to shy away from collecting and monetizing your data, saying, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." And it's also almost 20 years since Scott McNealy, then-CEO of Sun Microsystems, told reporters, "You have zero privacy anyway," and added, "Get over it."

More data, more money

So what's your data worth? About ten cents a year, according to an email Facebook CEO sent Mark Zuckerberg in October of 2012. In the note, Zuckerberg played with the idea of valuing user data at 10 cents per user each year. The idea was that app developers could buy their way into accessing user data -- and their friends' data, too -- by paying for other Facebook products. Zuckerberg was also willing to charge them directly, according to the email.

"If the revenue we get from those doesn't add up to more [than] the fees you owe us, then you just pay us the fee directly," Zuckerberg wrote. In response to questions about Zuckerberg's email, Facebook directed CNET to its statement Wednesday, which said Facebook never used Zuckerberg's plan. 

"[W]e ultimately settled on a model where developers didn't need to purchase advertising to access APIs and we continued to provide the developer platform for free," the statement reads. The company also said the emails were "cherrypicked" as part of ongoing litigation with app developer Six4Three.


Eric Schmidt with Vic Gundotra at a Google developer conference in 2010. Schmidt said in 2009 that internet users shouldn't do things they want kept private.

James Martin

While it's just one email, and Facebook says it didn't carry out Zuckerberg's idea, the takeaway is clear, said Lorrie Faith Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University.

"This email certainly doesn't express any value of privacy or protecting users," said Cranor, who served as Chief Technologist at the US Federal Trade Commission in 2016. "This is expressing that data is a corporate asset, and that we don't want to give it away."

Not just Facebook

Facebook continues to face scrutiny over its privacy practices, but it isn't the only company that trades on personal data in ways that are hard for users to wrap their minds around, Cranor said.

"I think most of us don't really know who has access to our data and how it's going to be used," Cranor said. "Even if you try to be diligent, it's just really hard to know."

Facebook is just a very high-profile example of that problem. Its claim that it doesn't sell user is based on a narrow interpretation of the word sell," said Arvind Narayanan, a professor of computer science at Princeton University who specializes in privacy. But that leaves users confused and unsettled about what happens to data that feels very personal.

"This business model constantly pushes the company towards hypersurveillance," Narayanan said.

Correction, Dec. 6 at 9:13 a.m.: This story has been updated to correct the name of Scott McNealy.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.