New Report Finds Facebook Accessed FAFSA Data, No Friend Request Needed

By Hugh T. Ferguson, NASFAA Senior Staff Reporter

A website managed by Federal Student Aid (FSA) where students go to fill out their FAFSA was found to contain code that, unbeknownst to students and parents, shared their personal information with Facebook, according to a new article from The Markup.

“The Markup found that code embedded in the website where students fill out the Free Application for Federal Student Aid, or FAFSA, was automatically sending the data to Facebook,” the article says. “The data was being collected even if the visitor to the site did not have a Facebook account and began even before the user logged in to, the site that hosts the form.”

FSA Chief Operating Officer Richard Cordray told The Markup that FSA had changed its tracking settings “as part of a March 22 advertising campaign,” which resulted in some applicant information being tracked. Cordray added that the data was anonymized and was not used by FSA or by Facebook “for any purpose.”

Some of the shared data included information like a user’s first name, last name, country, phone number, and email address, and may have been shared as early as January 2022.

The full scope of the data collection is still being determined. The Markup said they have not found evidence that everything a student typed into the FAFSA — such as financial information — was being collected, but noted that the code “was configured to collect identifying information such as the student’s name, email address, phone number, and zip code, data that could be used for targeting ads on Facebook.”

NASFAA has reached out to FSA to better understand the extent of the issue. 

Read the full report from The Markup.


Publication Date: 4/29/2022

Linda W | 5/5/2022 1:26:09 PM

Is this not a breach of PII? How do we find out which schools should be notified of this breach?

David S | 5/2/2022 4:5:08 PM

As distressing as this story is, and not to defend the practice in any way, but my guess is that FB already had the goods on the vast majority of these borrowers. I'm sure they have a mountain of info on me, and I've never had a FB account.

In addition, most government agencies' hands are tied when it comes to technology and basic operating resources. Our friends at ED saw mass retirement in recent years, with many/most of the resulting vacancies not filled. I'm sure they're using lots of legacy systems that never could have been set up to protect against this kind of thing, because it dates back to when it wasn't a thing.

Jerry C | 5/2/2022 3:56:21 PM

I would like them to tell us why they did it!

James H | 5/2/2022 1:22:05 PM

It is a "do as I say and not as I do" issue. If the school did it we would be roasted, they did it so it is not a penalty/foul.

Jesse H | 5/2/2022 10:19:52 AM

Stories like this are a good case study about why regulating Big Tech is so difficult. On the one hand, this story seems to be (and is) a story about the hyper-aggressive tracking activity of Facebook / Meta, which cries out for some regulation. On the other hand, this story is equally (or far more, actually) a tale of government incompetence or fecklessness when it comes to that same technology, as it was Department of Ed's own website that was configured to share way more information with Facebook than it should have.
