Hacker News | lucakiebel's comments

I really hope I can ditch WA in the future


Their password reset form didn’t have the restriction, so you could reset your password to 21 chars, and then never log in again


Yeah, if the site is no longer up you have to message the team and prove current ownership of the domain. What that process looks like, I don't know


I guess the site is hugged to death, http://archive.today/Z5RHj


> they’re really quite fresh—no more than 400 million years old, and potentially less than 100 million years old

It’s always awesome to me how young things in our solar system are in the grand scheme of the whole universe


Have you tried using a password manager?


They’re probably just stalling for time, and they can blame the patent office


„Swedish Radio News reporters have tested the tip-form on ECPAT's website and found that their name, email and telephone numbers were shared with Facebook.“

How the hell does this just happen? Have people forgotten how to build simple forms and just use Facebook?


Poor supervision over something like Google Tag Manager resulting in someone on the PR team adding extra stuff without being fully aware of the repercussions


The way I could imagine it happens is that they use GTM to trigger Facebook tags, for example to remarket people who have donated to ECPAT, since people who donate are likely to do so again after say a month or during Christmas so that's a perfect audience to have available for an ad campaign. But they have GTM fire FB on every single page out of convenience, since setting up rules in GTM on where to trigger it is work. The tip-off page is hosted on the same environment, so FB triggers by default.


Not 100% on this but if they aren't granted sufficient GTM access and the site is an SPA devs may not even have access of where to trigger it beyond blocking instantiation on certain pages.


100% this, the marketing team wants to have Google Tag Manager to inject random marketing scripts all across the page and management backs them up and then the development team has no insight into or no say in what actual scripts are run on a specific page.

That said: This is a GDPR nightmare and so is Google Tag Manager


Subresource Integrity fixes that: "hmm, must be a bug at Google's end"


It really doesn’t fix it, since the whole point of GTM is to allow arbitrary code execution on any page by marketing teams. (Yes, this is as bad of an idea as it sounds)


You just don't allow GTM, citing a security and GDPR risk


More like GDPR violation thanks to Schrems II.


Something is off here. When PII data is shared with Facebook, it gets hashed before it gets sent. In fact, Facebook warns you if you are “leaking” PII in places like URL parameters that get picked up by their tracking pixel.

If they discover pageview events with PII in them, they throw them out.

I’m not justifying that hashed data is okay… but clear text data is not received or stored by Facebook via a Facebook Pixel, or their conversions API.


As of a few years ago, this was not the case. The Facebook conversion "pixel" would capture raw form data and upload it to Facebook.


If Facebook had the clear or hashed data anywhere else you’re still leaking it just with extra steps. Hashes don’t by themselves anonymize. If you have access to the original data it’s trivial to recompute the hash and build your association that way. You could assume the data is salted but that’s not always a safe assumption.


I am not here to defend Meta, only clarify how data is transmitted.

Data is not salted as far as I can tell, it's normalized and hashed via SHA256. They publish SDKs for serverside integrations so you can see how the code is set up.

https://developers.facebook.com/docs/marketing-api/conversio...


Facebook knows the nine billion most common human names.

On my Mac, sha256() takes 288ns, so running nine billion of them to find the collision would take about 43 CPU-minutes.


The whole point of sending the hash to FB is so that they can look it up against the hashes of people to whom they have served an ad.
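An added example, not part of any comment above and not Meta's code: it shows why the unsalted "normalize, then SHA-256" scheme discussed in this sub-thread is matchable by any party that already holds the identifiers, and how a site-held HMAC key changes that. The trim-and-lowercase normalization, the sample addresses, and the key are assumptions constructed for the demonstration.

```python
import hashlib
import hmac

def normalize(value: str) -> str:
    # Assumed normalization: trim whitespace, lowercase.
    return value.strip().lower()

def plain_hash(value: str) -> str:
    # Unsalted SHA-256 of the normalized identifier.
    return hashlib.sha256(normalize(value).encode("utf-8")).hexdigest()

def keyed_hash(value: str, key: bytes) -> str:
    # HMAC-SHA256 with a key only the sending site holds.
    return hmac.new(key, normalize(value).encode("utf-8"), hashlib.sha256).hexdigest()

def reidentify(received_hashes, known_identifiers):
    # The receiver hashes identifiers it already has and joins on the digest.
    lookup = {plain_hash(v): normalize(v) for v in known_identifiers}
    return {h: lookup[h] for h in received_hashes if h in lookup}

def search_minutes(candidates: int, ns_per_hash: float) -> float:
    # CPU time to hash every candidate once, in minutes.
    return candidates * ns_per_hash / 1e9 / 60

# Constructed sample data (not from the page).
FORM_SUBMISSIONS = [" Alice@Example.com ", "bob@example.org"]
RECEIVER_KNOWN = ["alice@example.com", "carol@example.net", "bob@example.org"]
SITE_KEY = b"constructed-secret-known-only-to-the-site"

def demo():
    sent_plain = [plain_hash(v) for v in FORM_SUBMISSIONS]
    sent_keyed = [keyed_hash(v, SITE_KEY) for v in FORM_SUBMISSIONS]
    # Unsalted digests join cleanly against the receiver's own records;
    # keyed digests do not, which also means they cannot be used for
    # audience matching at all.
    return (reidentify(sent_plain, RECEIVER_KNOWN),
            reidentify(sent_keyed, RECEIVER_KNOWN))

if __name__ == "__main__":
    matched, unmatched = demo()
    print("matched from unsalted hashes:", sorted(matched.values()))
    print("matched from keyed hashes:", unmatched)
    print("9e9 candidates at 288 ns each: %.1f CPU-minutes"
          % search_minutes(9_000_000_000, 288))
```
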


They probably embedded tracking pixels because PR teams wanted to have data on how many people viewed the page vs how many people actually filed a report.


Why do I get the feeling time and time again that developers pick the easy solutions. Not the sensible ones.

Some type of page download counter should not be impossible, and number of reports should also be an easy metric. Why do they even think they need to get someone like Facebook involved...


In almost all organizations outside of IT, IT is at the bottom of the social ladder. They gotta do what management wants.

And that won't change until enough large organizations get hit hard by fines that everyone else follows suit and hires actually capable CTOs with veto power over everyone else.


Can't profiles be made private?


Ok, so at least I'm not the only one using simply that way


Or a 5€/mo Hetzner server running Nginx, though Cloudflare's free offering is very generous

