CNET también está disponible en español.

Ir a español

Don't show this again

Security

Facebook's new data policy: Answers to your privacy questions

We read through it since you probably won't.

Laura Hautala / CNET

One of those privacy policies you probably don't read just got a makeover. 

Facebook, the world's largest social network, revamped the policies it uses when collecting data on the more than 2 billion people who use it every month. As part of the new policy, released April 19, the company is also spelling out more clearly how it collects and uses that information about you. 

The new policy comes in at more than 4,200 words. The language is meant to be easy to understand, but that's still a lot of words to get through. Each one, however, helps us better understand how the company turns our data into personalized recommendations, tailored advertisements and academic research.

The changes come at a time when people are closely watching what Facebook does. Last month, The New York Times and the UK's Guardian and Observer newspapers broke news that millions of Facebook users' data had been leaked to a Donald Trump-linked political consulting firm called Cambridge Analytica. The revelations prompted US lawmakers to call CEO Mark Zuckerberg to Washington for two days of questioning about why Facebook failed to adequately safeguard as many as 87 million users' privacy.

With that in mind, we've read through Facebook's new privacy policy -- the last update was in 2016 -- to answer your most pressing questions. When you have time, the full text of the data policy is ready and waiting for you to read.

Where does Facebook get information about me?

It's sometimes overwhelming to learn just how much info Facebook has on you. For instance, Facebook has a listing for what it thinks your political views are

It finds this information from a mixture of photos, videos and thoughts you post on your timeline. It also gleans data from your interactions with Facebook friends, as well as the pages and posts you "like." 

Plus, the company collects seven different kinds of information it takes from a phone, computer or tablet you're using. That includes data about the version of software you're running, how low your battery is and how much storage you have left on your device. On top of that, Facebook can access information about devices that're connected to the same network you're on.

This kind of info is often used for something industry experts call fingerprinting, which is how websites identify you based on all the data they can collect from your device. Tying that fingerprint to your Facebook account could be a very powerful tool, allowing companies and advertisers to more easily identify you across the internet.

This tracking isn't just so Facebook can keep its eyes on you. These efforts also enable some Facebook services to work more smoothly, like helping you more easily stream video from a device to a TV.

How does Facebook make money off me?

The updated policy includes one of Facebook's most frequently repeated refrains: "We don't sell any of your information to anyone, and we never will." So how did it come to ring up more than $40 billion in revenue in 2017? In large part, it does this by selling access to you.

"We use the information we have about you -- including information about your interests, actions and connections -- to select and personalize ads, offers and other sponsored content that we offer you," the policy says.

Facebook is the middle man connecting advertisers to you, based on the superrich level of detail it has about your tastes, location and personal connections. 

What are my Facebook friends telling app creators about me?

One alarming element of the Cambridge Analytica scandal was how a relatively small group of Facebook users -- about 300,000 of them -- were able to share information on so many millions of users. It happened because Facebook allows apps to collect data on a user's entire network of Facebook friends, and only the user interacting with the app has to give consent.

In 2015, Facebook limited the kinds of data third-party apps can collect on its users, years before news about Cambridge Analytica broke. In the new policy posted to its website, Facebook tells users it's trying to limit this access even further. "For example, we will remove developers' access to your Facebook and Instagram data if you haven't used their app in three months," the policy says.

But some collection of your data through your friends' apps will continue. To totally shut this down, you have to give up using any apps at all through your Facebook account

How long does Facebook keep my data?

That depends. If you delete -- not deactivate, actually delete -- your account, Facebook will delete your posts, including photos and status updates. But that doesn't include the data Facebook got about you from sources other than yourself. So everything Facebook learned about you from your friends, from data brokers and from other websites, is kept for as long as the social network wants it.

The company also hangs onto information it might need for legal reasons, and to prevent abuse on its platform. "For example, if relevant, we exchange with third-party partners about the reliability of your account to prevent fraud, abuse and other harmful activity on and off our products," the policy says.

Do I have any say in this?

You can adjust your settings to change how much of your profile is public and how much you share with third-party apps, as well as other settings. But when it comes to the data policy, you don't have much of a choice. You have to take it or leave it. 

In this case, "leave it" means leaving Facebook. 

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.

iHate: CNET looks at how intolerance is taking over the internet.