Meta

Hard Questions: What Data Does Facebook Collect When I’m Not Using Facebook, and Why?

Hard Questions is a series from Facebook that addresses the impact of our products on society.

By David Baser, Product Management Director

Last week, Mark Zuckerberg testified in front of the US Congress. He answered more than 500 questions and promised that we would get back on the 40 or so questions he couldn’t answer at the time. We’re following up with Congress on these directly but we also wanted to take the opportunity to explain more about the information we get from other websites and apps, how we use the data they send to us, and the controls you have. I lead a team focused on privacy and data use, including GDPR compliance and the tools people can use to control and download their information.

When does Facebook get data about people from other websites and apps?
Many websites and apps use Facebook services to make their content and ads more engaging and relevant. These services include:

When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook.

Many companies offer these types of services and, like Facebook, they also get information from the apps and sites that use them. Twitter, Pinterest and LinkedIn all have similar Like and Share buttons to help people share things on their services. Google has a popular analytics service. And Amazon, Google and Twitter all offer login features. These companies — and many others — also offer advertising services. In fact, most websites and apps send the same information to multiple companies each time you visit them.

What kind of data does Facebook get from these websites and apps?
Apps and websites that use our services, such as the Like button or Facebook Analytics, send us information to make their content and ads better. To understand more about how this happens, it helps to know how most websites and apps work. I’ll use websites as an example, but this generally applies to apps, too.

When you visit a website, your browser (for example Chrome, Safari or Firefox) sends a request to the site’s server. The browser shares your IP address so the website knows where on the internet to send the site content. The website also gets information about the browser and operating system (for example Android or Windows) you’re using because not all browsers and devices support the same features. It also gets cookies, which are identifiers that websites use to know if you’ve visited before. This can help with things like saving items in your shopping cart.

A website typically sends two things back to your browser: first, content from that site; and second, instructions for the browser to send your request to the other companies providing content or services on the site. So when a website uses one of our services, your browser sends the same kinds of information to Facebook as the website receives. We also get information about which website or app you’re using, which is necessary to know when to provide our tools.

This happens for any other service the site is using. For example, when you see a YouTube video on a site that’s not YouTube, it tells your browser to request the video from YouTube. YouTube then sends it to you.

How does Facebook use the data it receives from other websites and apps?
Our privacy policy explains in detail what we do with the information we receive — and we just updated the policy to make it easier to read. There are three main ways in which Facebook uses the information we get from other websites and apps: providing our services to these sites or apps; improving safety and security on Facebook; and enhancing our own products and services. I’ll share a little more about each of these, but first I want to be clear: We don’t sell people’s data. Period.

Providing Our Services

Keeping Your Information Secure

We also use the information we receive from websites and apps to help protect the security of Facebook. For example, receiving data about the sites a particular browser has visited can help us identify bad actors. If someone tries to log into your account using an IP address from a different country, we might ask some questions to verify it’s you. Or if a browser has visited hundreds of sites in the last five minutes, that’s a sign the device might be a bot. We’ll ask them to prove they’re a real person by completing additional security checks.

Improving Our Products and Services

The information we receive also helps us improve the content and ads we show on Facebook. So if you visit a lot of sports sites that use our services, you might see sports-related stories higher up in your News Feed. If you’ve looked at travel sites, we can show you ads for hotels and rental cars.

What controls do I have?
As Mark said last week, we believe everyone deserves good privacy controls. We require websites and apps who use our tools to tell you they’re collecting and sharing your information with us, and to get your permission to do so.

We give you a number of controls over the way this data is used to provide more relevant content and ads:

Whether it’s information from apps and websites, or information you share with other people on Facebook, we want to put you in control — and be transparent about what information Facebook has and how it is used. We’ll keep working to make that easier.

Update on May 1, 2018: Today we announced plans to build Clear History, a way to give people more information and control over the data Facebook receives from other websites and apps that use our services.