While Mark Zuckerberg’s hearing in front of the US House Energy and Commerce Committee has thrown up many facts about the company’s privacy practices, one thing Facebook has not touched upon is shadow profiles or creating a data-led profile of those who don’t even use Facebook.

You would know that your Facebook profile data can be easily downloaded and deleted, but US congressmen, house representatives and senators grilled Zuckerberg over the shadow profiles that are hoarded by the company based on your activity outside Facebook.

Shadow Profiles

The chief executive denied knowledge of any shadow profiles when asked by New Mexico Representative Ben Lujan. He asked, “Facebook has detailed profiles on people who have never signed up for Facebook, yes or no?

Zuckerberg replied: “Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers].

Earlier, congressman Jerry McNerney had question Zuckerberg, “Is there any other information that Facebook has obtained about me whether Facebook collected it or obtained it from a third party that would not be included in the download?

Photo Credits: Getty Images

To this Zuckerberg said that as far as his understanding is all of a user’s information is included in data downloads. But that’s not the case with shadow profiles. Here’s the full transcript of the portion pertaining to shadow profiles:

Lujan: So these are called shadow profiles, is that what they’ve been referred to by some?
Zuckerberg: Congressman, I’m not, I’m not familiar with that.
Lujan: I’ll refer to them as shadow profiles for today’s hearing. On average, how many data points does Facebook have on each Facebook user?
Zuckerberg: I do not know off the top of my head.
Lujan: Do you know how many points of data Facebook has on the average non-Facebook user?
Zuckerberg: Congressman, I do not know off the top of my head but I can have our team get back to you afterward.
Lujan: It’s been admitted by Facebook that you do collect data points on non-[Facebook users]. My question is, can someone who does not have a Facebook account opt out of Facebook’s involuntary data collection?
Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not, but in order to prevent people from scraping public information… we need to know when someone is repeatedly trying to access our services.
Lujan: It may surprise you that we’ve not talked about this a lot today. You’ve said everyone controls their data, but you’re collecting data on people who are not even Facebook users who have never signed a consent, a privacy agreement.
And it may surprise you that on Facebook’s page when you go to “I don’t have a Facebook account and would like to request all my personal data stored by Facebook” it takes you to a form that says “go to your Facebook page and then on your account settings you can download your data.”
So you’re directing people that don’t even have a Facebook page to sign up for a Facebook page to access their data… We’ve got to change that.

How Shadow Profiles are Made

Shadow profiles are created when someone you know uploads their contacts and other data to Facebook, even though you yourself are not signed up. Facebook can collect such data from a number of users and narrow in on a profile of you.

It can also track you through tools used by websites for analytics and conversion metrics, even when you don’t use Facebook yourself. For example, you could be visiting a website which uses Facebook Pixel for tracking user conversions. This implementation collects data about you that any website can track and then adds it to a dummy profile. If you frequent a particular website, Facebook would then be able to know where you came from and where you are going after clicking through on a link on the site. This is all data collected and assimilated entirely without your consent, and possibly without you knowing at all.

To our ears, Zuckerberg’s denial is a clear lie. It’s altogether unbelievable that the CEO and founder of the company is unaware of Facebook builds profile from your web visits. Fortunately for Zuckerberg, he was not under oath during the hearing, which would put him under investigation for perjury.