Facebook could be exposing the sexuality of LGBTQ+ users in countries where homosexuality is illegal, according to a new paper by a team of researchers at Universidad Carlos III de Madrid. The researchers found that Facebook has labelled 67% of users with potentially sensitive interests such as "homosexuality."
Laws like the European General Data Protection Regulation (GDPR) and California's California Consumer Privacy Act limit companies from processing data concerning a person's sexual orientation without their consent. But the researchers found that Facebook appears to violate those rules, allowing advertisers to market to people who are thought to be interested in "homosexuality." The research team writes that Facebook assigns hundreds of attributes, based on sensitive personal data, to its users. What's more, they discovered that Facebook provides access to about 2,000 advertising attributes that the GDPR would classify as "sensitive," such as race or political leanings.
That's a huge worry in countries like Saudia Arabia, which impose a death penalty for homosexuality. The research team found that just over 2% of users in that country are tagged with an interest in "homosexuality." In Afghanistan, it was over 12%, and over 5% in Brunei.
Although the data cannot be immediately connected with individual users through Facebook's ad interface, it could still be used to track down LGBTQ+ people. Someone could post an ad disguised as a contest entry and only target queer people, for example, and use an external signup form to gather respondents' contact information.
There's no indication so far that that has happened, but the researchers warn that if a malicious user wanted to, they could obtain personally identifiable information of people tagged with some sensitive ad preference for as little as $0.17 per person.
The Madrid-based team recommended that Facebook take immediate action to block the targeting of ads based on sensitive interests like "homosexuality," particularly in countries where users could be exposed to legal repercussions.
But until that happens, they say, users have some recourse. The team created a browser extension called Facebook Data Valuation Tool, or FDVT, that shows you what interests Facebook has assigned to you and allows you to delete them. The plugin also identifies historical information on times that the user has been targeted, and the reasons Facebook targeted them.