Facebook is now using a data company to connect ad displays on the site to in-store purchases, according to an article by the Financial Times. The company, called Datalogix, owns data culled from loyalty programs like the CVS ExtraCare card or the Stop and Shop card. The information includes items like names, e-mail addresses, and purchase history which it can now use to connect to Facebook accounts and target ads.

Facebook ads, like most ads throughout documented history, previously could not always prove that they work. There was no way to connect their display with actual purchases outside direct click-throughs. (Said Facebook advertisers: "What is this, the magazine publishing industry circa 1982?") According to the Financial Times, Facebook faces "growing pressure" to help advertisers track and target current and potential customers more tightly, so it will user Datalogix's database with information from 70 million people and 1,000 retailers to step up its game.

In a statement provided to Ars, a Facebook spokesperson wrote that "Facebook doesn't get data that retailers give Datalogix; retailers don't get any data from Facebook; nor do advertisers share any of their data with Facebook or vice versa." Between Facebook and Datalogix, though, Facebook shares "anonymous IDs corresponding to consumers exposed to a given ad campaign."

Hence, Datalogix does not receive personally identifying information. But by comparing its purchase records and loyalty information (names, e-mail addresses) from partner companies like CVS to ad campaigns served to your (anonymized) profile, the company can get a pretty good idea of what you're about. At least, what you're about when perusing a pharmacy shelf, if advertising can be presumed to work on you (and Facebook ads do appear to work fairly well).

Marc Rotenberg, president of the Electronic Privacy Information Center, noted to Ars that DoubleClick experienced a similar situation in 1999 when it bought the catalog firm Abacus. DoubleClick insisted no personal information would be obtained from the acquisition, but once everyone realized it would be difficult to ignore certain correlations between data sets, the company had to backtrack.

It's unclear whether Facebook's move complies with the consent order it filed with the FTC in 2011 promising that future privacy changes and information sharing would be "opt-in" only. The new sharing arrangement with Datalogix is certainly not opt-in; as The Atlantic points out, Facebook users must opt out of the Datalogix interactions. They can navigate through a few different help pages, click on an unhelpful-sounding link to "learn more about the [Facebook] partners and the choices they offer," then can click an opt-out link.

Facebook's arrangement with Datalogix does technically comply with the company's promise in its data use policy to anonymize user data before sharing it with third parties. But given the avalanche of information Datalogix has to cross-reference, you'll be about as anonymous as Jay-Z wearing sunglasses when walking to the grocery store.

The FTC has yet to comment on the matter, or whether it runs afoul of the consent order. "It is critically important for the FTC to look closely at this proposal and to determine whether the company is complying with the terms of the settlement," Rotenberg told Ars.