• by Laurie Sullivan , Staff Writer @lauriesullivan, January 22, 2024

LiveRamp, Acxiom, Experian Marketing Services, Hearts & Science, ODC CA, Epsilon Audience Data Provider, The Home Depot, OMD USA, 4C and Amazon were the companies that most frequently appeared in panelist data in a new study that exposes the extensive monitoring of Facebook users across its platform.

The research claims that as many as 7,000 companies monitor activities from individual Facebook users online.

The data comes from events and custom audiences, and includes information about what people do outside of Meta’s platforms.

Custom audiences allow advertisers to upload customer lists to Meta using identifiers like email addresses and mobile advertising IDs. The customers' information and lookalike audiences made up of similar people can be targeted with ads across Meta’s platforms.

Events -- the other category -- describes interactions the user had with a brand, which can occur outside of Meta’s apps and in the real world.

This can include visiting a page on a company’s website, leveling up in a game, visiting a physical store, or purchasing a product.

The signals originate from Meta software code included in mobile apps, a tracking pixel on websites, and from server-to-server tracking, where a company’s server passes data to a Meta server. It can be seen in the footer of any browser that shares data.

Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found a total of 186,892 companies sent data about them to the social network.

Each participant in the study, on average, had their data sent to Facebook by 2,230 companies, but the number varied with some panelists’ data listing more than 7,000 companies providing their data. 

A large percentage of the approximately 186,000 companies that appeared in the data were either small retailers, non-national brands, or unidentifiable names. Nearly 48,000 different companies were found in the data of one consumer volunteer.

It appeared to be someone with unusual app use habits. Some 52% of the companies targeted only one of the 709 volunteers. 

In the report, Consumer Reports calls for policy changes covering data collection practices.

Among the recommendations are requirements for companies to adopt data-minimization strategies that call for restricting data. This means collecting the least amount of data needed to provide the service.

Another recommendation is a policy of authorized agents to act on behalf of consumers to protect their rights. Consumer Reports publishes a mobile app called Permission Slip that allows users to opt-out of and delete data from a long list of companies and data brokers on behalf of users.

Similar to Google, Consumer Reports suggests increasing the transparency across Meta apps by creating ad archives that allow the public to see all ads that have been served to users on a platform.  

Consumer Reports, an independent nonprofit, worked with The Markup to recruit 709 volunteers who agreed to share their Facebook data archives, allowing the team to analyze “server-to-server” tracking. This revealed the number of companies that shared user data with Facebook by transferring personal data from their servers to Meta’s servers.

The data showed that 2,230 companies, on average, actively shared data about each user with the social networking app.

“We offer a number of transparency tools to help people understand the information that businesses choose to share with us, and manage how it’s used,” Meta spokesperson Emil Vazquez wrote in an emailed statement to The Markup.

Despite Meta’s terms and conditions and transparency tools, Consumer Reports identified that the identities of many data providers were opaque, and that advertisers often disregarded user opt-out requests.

The study acknowledges that its findings may not be representative of the U.S. population as a whole because the data comes from a self-selected group of users. 

In addition, the results were not demographically adjusted. Consumer Reports also pointed out that participants were probably more privacy-conscious, technically inclined, and likely to be members of Consumer Reports, which indicates a potential bias in the sample.

Trust issues take a front seat with these types of findings, but it’s not limited to Facebook or online.

Writing about how data is used for advertising and marketing makes me pause when I read these types of reports, terms and conditions in apps and on websites, and requests received from companies to share consumer data.

For example, KardiaMobile is a little electronic electrocardiogram that links to an app in a mobile phone that my husband requested we purchase after it went on sale during the holidays. If you call customer service to ask how to change the battery in the tiny device, they send an email requesting your name, phone number, address and serial number based on requirements from the Food and Drug Administration (FDA).

That product ended up in the trash after we received the email. No one asks for that information if you buy a blood-pressure cuff -- not even one that connects to an app.