Meta Doesn’t Permit Developers to Share Pixel Data: Engineer
It’s website developers, not Meta, that choose to deploy the Pixel tracking tool and select which webpages the Pixel is integrated on and what data is sent to Meta, said Meta software engineer Tobias Wooldridge in a heavily redacted declaration Wednesday (docket 3:22-cv-03580) in U.S. District Court for Northern California in San Francisco.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Plaintiffs in the large privacy class action in which Wooldridge filed his declaration allege that when a patient communicates with a healthcare provider’s website where the Pixel tracking tool is present, its source code causes the exact content of the patient’s communication with the healthcare provider to be redirected to Facebook in a fashion that identifies the user as a patient. The class action seeks an injunction to bar Meta from intercepting or disseminating patient information collected through the Pixel tool.
Wooldridge’s declaration disagreed with that of an expert witness for the plaintiffs, Christo Wilson, a Northeastern University computer sciences associate professor, who asserted Meta could easily comply with an injunctive relief order by using its existing filtering tools and web-crawlers, with “slight modifications” (see 2211150003). Many of Wilson’s recommendations “are so high-level and non-specific that it is challenging to fully evaluate, let alone implement, them,” said Wooldridge. Each of Wilson’s recommended measures is “already encompassed within Meta’s ongoing, evolving, and continuous efforts to improve its health-related integrity systems,” he said. Wilson’s declaration is based on “incorrect assumptions about how Meta’s systems operate and is therefore infeasible,” he said.
Meta does not want, nor does it permit, developers to transmit sensitive information, including health information, to it through the Pixel tool, said Wooldridge. “Meta takes numerous measures to prevent the transmission and receipt of that information.” Meta requires all developers to agree to its terms and conditions, “which expressly prohibit developers from sending Meta health or otherwise sensitive information,” he said. Meta has published several articles that explain and give examples of the kinds of information that developers should not send to Meta, he said. It also counsels developers on steps they can take “to avoid sending such information, and describe how to address instances in which sensitive information may have been sent,” he said.
Meta also developed and implemented a “filtering mechanism” to screen out “potentially sensitive data it detects,” said Wooldridge. Meta’s “signals” team is responsible for maintaining and implementing Meta’s "integrity systems," which are designed to detect and filter out potentially sensitive data being sent by third-party developers to Meta via the Meta Pixel, he said.
Approximately 15 Meta employees are assigned currently to work on improving the “integrity systems used to detect and filter out potentially sensitive health data sent via the Meta Pixel, including four dedicated engineers,” said Wooldridge. These employees are not part of a “static effort,” he said. They play a “dynamic and ongoing” role to improve Meta’s ability to identify and filter out potentially sensitive data being sent by web developers to Meta via the Meta Pixel, he said. A second “cohort” of about 80 people supports the signals integrity team, he said.
Meta supplies developers with a mechanism “to prevent sending Pixel data from certain domains or subdomains on their websites,” said Wooldridge. The developers “own and operate and therefore have full visibility into their own websites,” he said.
Wilson’s “backward-looking” suggestion that Meta could retroactively apply its filtering system to historical Pixel data to delete sensitive patient information from its advertising-related systems “is neither necessary nor feasible in light of Meta’s normal data retention and storage practices,” said Wooldridge. “Meta has more than 2.9 billion monthly active Facebook users, and there are practical limitations on the volume of granular data Meta can maintain, and how such data can be stored.”
When Meta’s systems detect and filter out data they categorize as potentially sensitive, Meta “automatically sends notifications to the developer” via email and in two locations on Meta’s “developer dashboard,” said Wooldridge. “These notifications inform the developer that Meta detected and filtered out data that may not comply with Meta’s terms,” he said. They also provide details about the affected data, including the URL where the sensitive data appeared, plus steps the developer can take to address the issue, he said.