newsletter banner

ISSUE 19.32.F • 2022-08-08 • Text Alerts!Gift Certificates

In this issue

LEGAL BRIEF: The new privacy policy’s here! The new privacy policy’s here!

Additional articles in the PLUS issue • Get Plus!

SILICON: $52 billion for semiconductor giants — but will we get more chips?

HARDWARE: Restored desktop computers must work flawlessly

ON SECURITY: Can you trust technology?

My Computer Works Home & Business Computer Repair | My Computer Works

My Computer Works keeps your technology running smoothly. With computer repair support and tech solutions for home and small business, we’re the fast, friendly experts you can count on.


The new privacy policy’s here! The new privacy policy’s here!

Max Oppenheimer

By Max Stul Oppenheimer, Esq.

On July 26, Meta (aka Facebook) changed its privacy policy.

So this is a good time to ask two questions: what’s in the new policy, and what should you do about it?

You can find the new privacy policy here. Settle in — it’s enormous.

The starting point — privacy and trade secrets

While Meta and other social-media companies have “privacy” policies, and while many states and foreign countries have privacy laws, the more ubiquitous law governing control of private information is trade-secret law.

To begin with, there are two types of information relating to you: public information and private information. You have no control over public information. If you post information in a public forum, or if your information is legally made public (for example, if you are a member of a regulated industry and the regulator lists your name), you have no control over how the public might use the information. (Regular readers will note that the word “information” is deliberately chosen and important — the public can use the information, but not necessarily the form in which it is presented. See The problem with copyright: fair use, 2021-04-05.)

On the other hand, information which you possess — whether it is about you or not — can be protected under trade-secret law as long as it meets two conditions. First, it is information not generally known or ascertainable by proper means. Second, you take reasonable steps to keep it confidential. Obviously, the best step to take to maintain confidentiality is not to tell anyone. Sometimes that is not feasible.

An alternative is to disclose the information subject to a nondisclosure agreement, essentially a contract that limits how the person to whom the information is disclosed may use the information. Trade-secret protection is a matter of state law, but many states have adopted the Uniform Trade Secrets Act, which provides additional protection to disclosures of information which may not have been subject to a formal nondisclosure agreement but which is obtained under circumstances indicating that it is intended to be confidential. In general, the Uniform Trade Secrets Act prohibits acquisition, use, or disclosure of confidential information without permission.

So if you post something on a public website such as Facebook/Meta, it’s hard to see how you could consider it confidential. After all, the point is to make it publicly available — that means you don’t meet the first requirement for trade-secret protection (it’s ascertainable by proper means).

Why, then, does Meta need a privacy policy?

Enter monetization and regulation

Part of the answer is that various governments have enacted privacy laws that go beyond trade secret protection. Once a country that is a significant market imposes rules, it provides an incentive to apply those rules worldwide, to avoid the need for multiple rules and to reduce the risk that a user triggers the rules of a stricter jurisdiction.

Another part of the answer is that Meta wants to collect and use information that is not made public — metadata and data that your device records but that you choose not to post publicly.

What follows is a summary of some provisions of the new policy. It may seem like a cop-out to say, “You need to read the policy yourself,” but it is a massive hypertext document; choosing what to summarize and how much detail to provide is not easy.

Information acquisition

Recall that it is a violation of trade-secret law to “acquire” confidential information without permission. Meta notes:

On our Products, you can send messages, take photos and videos, buy or sell things and much more. We call all of the things you can do on our Products “activity.” We collect your activity across our Products.

Here’s a list of some of the “activity” Meta collects:

  • Content you create, like posts, comments or audio
  • The time, frequency, and duration of your activities on our Products
  • Information you’ve shared with us through device settings, like GPS location, camera access, photos and related metadata.

The first item above represents things the average user probably intends to be public. The other two items are things voluntarily disclosed to Meta, usually without placing any restrictions on how Meta can use them.

But there is a long list of items that an average user probably does not intend to make generally public, such as:

  • Content you provide through our camera feature or your camera roll settings, or through our voice-enabled features
  • Messages you send and receive, including their content, subject to applicable law
  • Metadata about content and messages, subject to applicable law
  • Types of content you view or interact with, and how you interact with it
  • Apps and features you use, and what actions you take in them
  • Purchases or other transactions you make, including credit card information
  • Information from and about the different devices you use and how you use them
  • Identifiers that tell your device apart from other users, including Family Device Information about the network you connect your device to, including your IP address
  • Information from cookies and similar technologies

Meta also “collects and receives information from Partners, measurement vendors, and third parties about a variety of your information and activities on and off our Products.” The information includes:

  • Your device information
  • Websites you visit and cookie data, like through Social Plugins or the Meta Pixel
  • Apps you use
  • Games you play
  • Purchases and transactions you make
  • Your demographics, like your education level
  • The ads you see and how you interact with them
  • How you use our Partners’ products and services, online or in person
  • Your email address, cookies and advertising device ID

Meta notes:

This helps us match your activities with your account, if you have one.

We receive this information whether or not you’re logged in or have an account on our Products.


But wait! There’s more! Meta also uses:

  • Your profile information
  • Your activity on and off our Products, including information we receive through cookies and similar technologies, according to your settings
  • Things we infer about you, like topics we think you may be interested in
  • Information about your friends, followers or other connections, including their activity or interests
  • Location-related information that you allow us to receive if you turn on the Location Services device setting

With respect to the Location Services device setting, Meta also notes:

We also receive and use some location-related information even if Location Services is turned off.

How long does Meta keep the information?

We keep information as long as we need it.


Information use

Meta’s policy states, “We don’t sell any of your information to anyone, and we never will.” Admirable, but recall that it is also a violation of trade-secret law to “use” confidential information without permission. (And, as we read further, we learn that Meta does “partner” with others.)

Meta uses the collected information. Among the uses listed are:

  • To promote safety, security and integrity and comply with applicable laws
  • To personalize offers, ads and other sponsored or commercial content
  • To develop and provide features and integrations
  • To understand how people use and interact with Meta Company Products

The fact that such uses may be admirable (promoting safety, for example), or that the use is purely internal, does not make the use any less a violation of trade-secret law — unless the owner has given permission.

Meta also says it will:

Use information that advertisers, businesses and other partners provide us about activity of Meta Products that we have associated with you to personalize ads that we show you on Meta Products, and on websites, apps and devices that use our advertising services

Use information we have, including any information with special protections you choose to share, to provide and improve our Products. This includes personalizing features, content and recommendations, such as your Facebook Feed, Instagram feed, Stories and ads.


We want everything you see to be interesting and useful to you.

Again, these facts do not make the use of confidential information okay without permission.

Information disclosure

Meta does not sell your information. But mere disclosure of confidential information without permission violates trade-secret law; a sale is not required.


Share[s] information we collect, infrastructure, systems and technology with the other Meta Companies.

Share[s] information we collect globally, both internally across our offices and data centers and externally with our Partners, third parties and service providers.

Provide[s] advertisers with reports about the number and kinds of people who see and engage with their ads. These reports include information about the general demographics and interests of people who engaged with an advertiser’s ad. Then advertisers can better understand their audience.

Meta also provides advertisers and their business partners with information about:

  • Ads people engaged with, if any
  • When people engaged with ads
  • Where that ad was shown (for example, on Instagram, or on Facebook)


We don’t share information with these advertisers and their business partners that by itself can be used to contact or identify you, such as your name or email address, unless you give us permission.

Note particularly the language “by itself.” Although the specific information Meta provides about you may not “by itself” be enough to personally identify you, that information, when aggregated with other information might be — and Meta offers no assurance that it will prevent this aggregation.


Meta provide[s] information to external researchers. They use it to conduct research that advances scholarship and innovation, and to promote safety, security and integrity.

Sounds worthy. Umm … hmmm. I wonder, what specific types of research?

Research goals include supporting: Our business or mission.


What can we as individuals do?

If you have reviewed the Meta Privacy Policy and, as with a fine mystery novel, find yourself wishing there were more, do not despair. Meta notes that it shares with partners who have their own privacy policies and invites you to track them down:

Integrated Partners handle the information you share with them according to their own terms and policies, not Meta’s. You can review their privacy policy on their website or app to learn how they receive and process your information. In some cases, they use a separate service provider to receive and process your information.

When you accept the terms of service, one of the provisions states that you accept the privacy policy. Assuming this creates an enforceable “click to accept” contract, you have given up any claim to trade secrecy. Recall that one of the requirements for establishing a trade secret is that you must take reasonable steps to protect it — agreeing that Meta can use your information is inconsistent with that requirement.

That leaves two options.

Option one is legislation. The European Union has privacy laws, as do some, but not all, US states. Perhaps Congress will take a similar approach.

Option two is to work within the current system. Meta provides user controls that allow restriction on some, but not all, of the listed information collection, use, and disclosure. (I’m afraid I’m going to need to cop out again and refer you to its website for details.) Users have additional options — restrict what you share, or find a friendlier service.

And a final note: Be conscious of the many types of information that are being collected, especially as Meta and others roll out new services. That private phone call? Not so private if you’ve agreed to let the service provider collect and use its content.

Talk Bubbles Join the conversation! Your questions, comments, and feedback
about this topic are always welcome in our forums!

Max Stul Oppenheimer is a tenured full professor at the University of Baltimore School of Law, where he teaches business and intellectual property law. He is a registered patent attorney licensed to practice law in Maryland and D.C. Any opinions expressed in this article are his and are not intended as legal advice.


Here are the other stories in this week’s Plus Newsletter


Brian Livingston

$52 billion for semiconductor giants — but will we get more chips?

By Brian Livingston

President Joe Biden recently signed a $52 billion subsidy program for the semiconductor industry, within an overall $280 billion package called the Chips and Science Act, but will we see an easing of today’s maddening chip shortages any time soon?

The short answer is “no,” but the reasons might surprise you — and you shouldn’t assume we’ll get no bang for our bucks at all.


Ben Myers

Restored desktop computers must work flawlessly

By Ben Myers

In my last article, I covered the basic and essential tests needed to assure that a computer was in generally sound operating condition. As the late-night TV pitchman always says: “But wait! There’s more!” More testing, that is.

There are still electronics that need to be working right for the entire computer to be fully functional. Along the way, you need to do at least a visual inspection to see that all the ports and connectors — in back, in front, and even on top of a computer — are not damaged.


Susan Bradley

Can you trust technology?

By Susan Bradley

The other day, a reader asked why I use a Lenovo laptop, expressing concern that it was built overseas and contained sensitive technology.

He noted that the US Department of Defense had recommended that its divisions stop buying technology that included components suspected of containing (or known to contain) spying capabilities.

Know anyone who would benefit from this information? Please share!
Forward the email and encourage them to sign up via the online form — our public newsletter is free!

Enjoying the newsletter?

Become a PLUS member and get it all!

RoboForm box

Don’t miss any of our great content about Windows, Microsoft, Office, 365, PCs, hardware, software, privacy, security, safety, useful and safe freeware, important news, analysis, and Susan Bradley’s popular and sought-after patch advice.

PLUS, these exclusive benefits:

  • Every article, delivered to your inbox
  • MS-DEFCON Alerts, delivered to your inbox
  • MS-DEFCON Alerts available via TEXT message
  • Total access to the archive of nearly two decades of newsletters
  • No ads
  • Identification as a Plus member in our popular forums

We’re supported by donations — choose any amount for a one-year membership.

Join Today buttonGift Certificate button

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody,, Windows Secrets Newsletter,, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2022 AskWoody Tech LLC. All rights reserved.