Why don't you CCPA Facebook?

22 September 2020

Here's another question I get a lot. Why don't you CCPA Facebook?

Here are some reasons, and there are probably others. (This post contains facebook.com links, so you may want to check your browser privacy settings before clicking.)

1. CCPA Do Not Sell requests, also known as opt outs, only affect "sale" of personal information. In general, the flow of personal info to Facebook is one way, inbound. Facebook either (a) doesn't sell or share my personal info, or (b) they do but stop when it makes the news.

2. A CCPA Right to Know probably wouldn't get me any more information than is already available using Facebook's Download Your Information feature, at least to start.

3. Facebook trackers on non-Facebook web sites can be blocked with Facebook Container and other browser privacy features. This activity is important to stop, but it's already handled.

4. When the user-enabled global privacy controls mentioned in the CCPA regulations are ready, I'll be sending a CCPA opt out to every site I visit unless I specifically say otherwise. So I don't need to worry about Facebook trackers on random sites any more than I need to worry about any random LUMAscape company.

5. Facebook Custom Audiences are like those sampling wells on hazardous waste sites that catch anything nasty that leaks in the area. Crooked politicians, fake brands, Amazon review manipulation schemes, data brokers ripping off their clients, the whole skeevy side of marketing is right there in the Facebook ad settings. If I sent a CCPA Right to Delete to Facebook, it would be like deleting my account manually—I would lose a way to see what's happening with my other CCPA activity and to learn about other privacy risks.

I do use Facebook Custom Audiences to find companies that are sending my personal info to Facebook. In the case of obvious scams or marketing firms taking advantage of clients, I just take a screenshot. If a real company is adding me to a Custom Audience, I CCPA the company, where it will do some good.

Bonus links

‘Ripped the Band-Aid on some hard decisions’: How The New York Times is reshaping its ad business for a cookie-less world

Why Platform Changes Are A Bigger Deal Than GDPR

Apple’s iOS 14 Brings Us a Cookieless Future Sooner Than We Thought

I just realized I have been running 99% fraud sites

Are Journalists and Researchers the Real Content Moderators?

‘Re-architecting the entire process’: How Vice is preparing for life after the third-party cookie

‘We’re getting more used to the uncertainty’: BBC Global News chief on ad-funded news