ADVERTISEMENT
	Home & Business Computer Repair | My Computer Works My Computer Works keeps your technology running smoothly. With computer repair support and tech solutions for home and small business, we’re the fast, friendly experts you can count on.

LEGAL BRIEF

By Max Stul Oppenheimer, Esq.

On July 26, Meta (aka Facebook) changed its privacy policy.

So this is a good time to ask two questions: what’s in the new policy, and what should you do about it?

You can find the new privacy policy here. Settle in — it’s enormous.

While Meta and other social-media companies have “privacy” policies, and while many states and foreign countries have privacy laws, the more ubiquitous law governing control of private information is trade-secret law.

To begin with, there are two types of information relating to you: public information and private information. You have no control over public information. If you post information in a public forum, or if your information is legally made public (for example, if you are a member of a regulated industry and the regulator lists your name), you have no control over how the public might use the information. (Regular readers will note that the word “information” is deliberately chosen and important — the public can use the information, but not necessarily the form in which it is presented. See The problem with copyright: fair use, 2021-04-05.)

On the other hand, information which you possess — whether it is about you or not — can be protected under trade-secret law as long as it meets two conditions. First, it is information not generally known or ascertainable by proper means. Second, you take reasonable steps to keep it confidential. Obviously, the best step to take to maintain confidentiality is not to tell anyone. Sometimes that is not feasible.

An alternative is to disclose the information subject to a nondisclosure agreement, essentially a contract that limits how the person to whom the information is disclosed may use the information. Trade-secret protection is a matter of state law, but many states have adopted the Uniform Trade Secrets Act, which provides additional protection to disclosures of information which may not have been subject to a formal nondisclosure agreement but which is obtained under circumstances indicating that it is intended to be confidential. In general, the Uniform Trade Secrets Act prohibits acquisition, use, or disclosure of confidential information without permission.

So if you post something on a public website such as Facebook/Meta, it’s hard to see how you could consider it confidential. After all, the point is to make it publicly available — that means you don’t meet the first requirement for trade-secret protection (it’s ascertainable by proper means).

Why, then, does Meta need a privacy policy?

Part of the answer is that various governments have enacted privacy laws that go beyond trade secret protection. Once a country that is a significant market imposes rules, it provides an incentive to apply those rules worldwide, to avoid the need for multiple rules and to reduce the risk that a user triggers the rules of a stricter jurisdiction.

Another part of the answer is that Meta wants to collect and use information that is not made public — metadata and data that your device records but that you choose not to post publicly.

What follows is a summary of some provisions of the new policy. It may seem like a cop-out to say, “You need to read the policy yourself,” but it is a massive hypertext document; choosing what to summarize and how much detail to provide is not easy.

Recall that it is a violation of trade-secret law to “acquire” confidential information without permission. Meta notes:

On our Products, you can send messages, take photos and videos, buy or sell things and much more. We call all of the things you can do on our Products “activity.” We collect your activity across our Products.

Here’s a list of some of the “activity” Meta collects:

The first item above represents things the average user probably intends to be public. The other two items are things voluntarily disclosed to Meta, usually without placing any restrictions on how Meta can use them.

But there is a long list of items that an average user probably does not intend to make generally public, such as:

Meta also “collects and receives information from Partners, measurement vendors, and third parties about a variety of your information and activities on and off our Products.” The information includes:

Meta notes:

This helps us match your activities with your account, if you have one.

We receive this information whether or not you’re logged in or have an account on our Products.

Oh.

But wait! There’s more! Meta also uses:

With respect to the Location Services device setting, Meta also notes:

We also receive and use some location-related information even if Location Services is turned off.

How long does Meta keep the information?

We keep information as long as we need it.

Oh.

Meta’s policy states, “We don’t sell any of your information to anyone, and we never will.” Admirable, but recall that it is also a violation of trade-secret law to “use” confidential information without permission. (And, as we read further, we learn that Meta does “partner” with others.)

Meta uses the collected information. Among the uses listed are:

The fact that such uses may be admirable (promoting safety, for example), or that the use is purely internal, does not make the use any less a violation of trade-secret law — unless the owner has given permission.

Meta also says it will:

Use information that advertisers, businesses and other partners provide us about activity of Meta Products that we have associated with you to personalize ads that we show you on Meta Products, and on websites, apps and devices that use our advertising services

Use information we have, including any information with special protections you choose to share, to provide and improve our Products. This includes personalizing features, content and recommendations, such as your Facebook Feed, Instagram feed, Stories and ads.

And:

We want everything you see to be interesting and useful to you.

Again, these facts do not make the use of confidential information okay without permission.

Meta does not sell your information. But mere disclosure of confidential information without permission violates trade-secret law; a sale is not required.

Meta:

Share[s] information we collect, infrastructure, systems and technology with the other Meta Companies.

Share[s] information we collect globally, both internally across our offices and data centers and externally with our Partners, third parties and service providers.

Provide[s] advertisers with reports about the number and kinds of people who see and engage with their ads. These reports include information about the general demographics and interests of people who engaged with an advertiser’s ad. Then advertisers can better understand their audience.

Meta also provides advertisers and their business partners with information about:

But:

We don’t share information with these advertisers and their business partners that by itself can be used to contact or identify you, such as your name or email address, unless you give us permission.

Note particularly the language “by itself.” Although the specific information Meta provides about you may not “by itself” be enough to personally identify you, that information, when aggregated with other information might be — and Meta offers no assurance that it will prevent this aggregation.

Finally:

Meta provide[s] information to external researchers. They use it to conduct research that advances scholarship and innovation, and to promote safety, security and integrity.

Sounds worthy. Umm … hmmm. I wonder, what specific types of research?

Research goals include supporting: Our business or mission.

Oh.

If you have reviewed the Meta Privacy Policy and, as with a fine mystery novel, find yourself wishing there were more, do not despair. Meta notes that it shares with partners who have their own privacy policies and invites you to track them down:

Integrated Partners handle the information you share with them according to their own terms and policies, not Meta’s. You can review their privacy policy on their website or app to learn how they receive and process your information. In some cases, they use a separate service provider to receive and process your information.

When you accept the terms of service, one of the provisions states that you accept the privacy policy. Assuming this creates an enforceable “click to accept” contract, you have given up any claim to trade secrecy. Recall that one of the requirements for establishing a trade secret is that you must take reasonable steps to protect it — agreeing that Meta can use your information is inconsistent with that requirement.

That leaves two options.

Option one is legislation. The European Union has privacy laws, as do some, but not all, US states. Perhaps Congress will take a similar approach.

Option two is to work within the current system. Meta provides user controls that allow restriction on some, but not all, of the listed information collection, use, and disclosure. (I’m afraid I’m going to need to cop out again and refer you to its website for details.) Users have additional options — restrict what you share, or find a friendlier service.

And a final note: Be conscious of the many types of information that are being collected, especially as Meta and others roll out new services. That private phone call? Not so private if you’ve agreed to let the service provider collect and use its content.

Join the conversation! Your questions, comments, and feedback about this topic are always welcome in our forums!

Max Stul Oppenheimer is a tenured full professor at the University of Baltimore School of Law, where he teaches business and intellectual property law. He is a registered patent attorney licensed to practice law in Maryland and D.C. Any opinions expressed in this article are his and are not intended as legal advice.

ADVERTISEMENT

Enjoying the newsletter? Become a PLUS member and get it all!
	Don’t miss any of our great content about Windows, Microsoft, Office, 365, PCs, hardware, software, privacy, security, safety, useful and safe freeware, important news, analysis, and Susan Bradley’s popular and sought-after patch advice. PLUS, these exclusive benefits: Every article, delivered to your inbox MS-DEFCON Alerts, delivered to your inbox MS-DEFCON Alerts available via TEXT message Total access to the archive of nearly two decades of newsletters No ads Identification as a Plus member in our popular forums We’re supported by donations — choose any amount for a one-year membership.