Deepfake Detection Challenege

Data Policy

Deepfake Detection Challenge Data Policy

Effective Date: October 21, 2019

The Deepfake Detection Challenge is a collaboration between Facebook, the Partnership on AI, Microsoft, Amazon and academics from Cornell Tech, MIT, University of Oxford, UC Berkeley, University of Maryland, College Park, and University of Albany-SUNY. The aim of this challenge is to invite people around the world to help build better detection tools to combat misinformation generated by new technologies such as deepfakes, where realistic AI-generated videos show real people doing and saying fictional things.

The Deepfake Detection Challenge is a competition whereby eligible participants take part either individually or as a team to create new ways of detecting and preventing tampered media. This Data Policy describes Facebook, Inc.’s (together, “Facebook,” “us,” “our”) practices for handling your information collected in connection with the Deepfake Detection Challenge. The data controller responsible for the personal data of individuals in the European Union is Facebook Ireland Limited.

Collection of Information

When you interact with us through the Deepfake Detection Challenge website (the “DFDC Website”), we may collect or receive the following types of information from you:

Information you provide directly to us

  • Account Information: You will need to create an account on the DFDC Website in order to participate in the competition. When you sign up for an account, we will ask you to provide your full name, an email address (academic, research and company entity email only), the entity you work at (research/organization/company) and your position at such entity, your address, your research project and how you will use the dataset, a password and a username (which need not be your real name). You may participate in this competition either alone or as a group.
  • Your Submission: You may participate in this challenge by receiving a copy of the challenge dataset from the DFDC Platform, using such dataset to train your models. Entrants will also submit code into a black box environment for testing.

Information we collect automatically

Depending on the type of device used to visit the DFDC Website, we will also collect certain additional information automatically, such as:

  • Device attributes: information such as the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins.
  • Device operations: information about operations and behaviors performed on the device, such as whether a window is placed in the foreground or background, or mouse movements (which can help distinguish humans from bots), as well as pages visited.
  • Identifiers: unique identifiers, device IDs, and other identifiers, and Family Device IDs associated with the same device or account .
  • Device signals: Bluetooth signals, and information about nearby Wi-Fi access points, beacons, and cell towers.
  • Data from device settings: information you allow us to receive through device settings you turn on, such as access to your GPS location.
  • Network and connections: information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, and connection speed.
  • Cookie data: data from cookies stored on your device, including cookie IDs and settings. Learn more about how we use cookies in our Cookie Policy.

How We Use Information

We will use the information described above for the purposes of administering the Deepfake Detection Challenge. Specifically, we will use the following information for the following purposes:

  • Account Administration: We will use the information you provide to create an account for you on the DFDC Website and to determine your eligibility to participate in the Deepfake Detection Challenge.
  • Publications: We may publish articles, blogs or similar posts regarding the Deepfake Detection Challenge which may contain the names of the participating teams, individuals or organizations with the best submissions and details of those submissions.
  • Communicate with you: We will use your email address to contact you about the Deepfake Detection Challenge, including updates about the challenge dataset, challenge deadlines, and other information.
  • Preventing fraud and abuse: We will use the information you provide in order to enforce the challenge rules (e.g. ensuring eligibility of participants and preventing fraud and abuse in entries).

How We Share Information

There are certain circumstances in which we will share your information with certain third parties without further notice to you, as follows:

  • Service Providers & Vendors: We share information with third-party vendors and service providers who support the DFDC Website, for example by providing technical infrastructure services. We also share information with third-party vendors and service providers to help us determine your eligibility to participate in the Deepfake Detection Challenge.
  • Legal purposes: We may share information you provide through the DFDC Website for legal purposes, such as responding to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, detect fraud, and to protect and defend the rights, interests, safety, and security of the Deepfake Detection Challenge and the DFDC Website, our affiliates, owner, users, or the public.
  • Business transfers: If the ownership or control of Facebook, or the DFDC Website, changes, we may transfer your information to the new owner.

Your Rights

In accordance with applicable laws, you may have the right to access, rectify, port and erase your information, as well as the right to restrict and object to certain processing of your information.
To exercise such rights in relation to the information you have provided for the Deepfake Detection Challenge, please email from the email address you have provided to create your account on the DFDC Website.

How We Protect Information

We take measures to help protect information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. However, no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure.

Data Retention

We retain information relating to the Deepfake Detection Challenge until it is no longer necessary to serve the purposes for which it was collected, e.g. to guard against cheating and duplicate entries. Reasons we may retain some data for longer periods of time include security, fraud & abuse prevention, record-keeping, complying with legal or regulatory requirements and ensuring the continuity of our services.

Participation age

You must be at least eighteen (18) years old (or over the age of majority in your jurisdiction of residence) in order to be eligible for the Deepfake Detection Challenge. We will delete any information we may have inadvertently received from anyone under that age upon notice.


If you have any questions about this Data Policy or our practices, please contact us online or by mail at:

Facebook, Inc.
ATTN: Privacy Operations
1601 Willow Road
Menlo Park, CA 94025


Our Legal Bases for processing the personal data of individuals in the European Union

Under European law, companies must have a legal basis to process data. You have particular rights available to you depending on where you are located and depending on which legal basis we use, as explained below.

Contractual necessity: The majority of the processing of personal data described in this Data Policy is justified on the basis that it is necessary for the performance of a contract - specifically, for the purposes of the Deepfake Detection Challenge Terms of Use. For example, we rely on this legal basis to: create your account and to communicate and issue publications in relation to the same.

The other legal bases that we rely on in certain instances when processing your data are:

Legitimate interests: Our legitimate interests or the legitimate interests of a third party, where not outweighed by your interests or fundamental rights and freedoms. We rely on this legal basis to:

  • research and innovate for social good. The legitimate interest we rely on for this processing is to further the state-of-the-art or academic understanding on important social issues to affect our society and the world in a positive way; and
  • share information with others, including law enforcement, and to respond to legal requests. The legitimate interests we rely on for this processing are: to prevent and address fraud, unauthorized use of the DFDC Website, breaches of our terms and policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or products), our users or others, including as part of investigations or regulatory enquiries; or to prevent death or imminent bodily harm.

Compliance with a legal obligation: We rely on this legal basis for processing data when the law requires it, including, for example, if there is a valid legal request for certain data.

Protection of your vital interests or those of another person: The vital interests that we rely on for this processing include protection of your life or physical integrity or that of others, and we rely on it to combat harmful conduct and promote safety and security, for example, when we are investigating reports of harmful conduct or when someone needs help.

Tasks carried out in the public interest: We may rely on this for undertaking research for social good and to promote safety, integrity and security, where this is necessary in the public interest as laid down by Union law or Member State law to which we are subject. When we process your data as necessary for a task carried out in the public interest, you have the right to object to, and seek restriction of, our processing. To exercise your rights, you can email In evaluating an objection, we'll evaluate several factors, including: reasonable user expectations; the benefits and risks to you and third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

Data Transfers

We share information globally, both internally within the Facebook Companies and externally with our partners. Information controlled by Facebook Ireland Limited will be transferred or transmitted to, or stored and processed in, the United States or other countries outside of where you live for the purposes as described in this policy. These data transfers are necessary to provide the services set forth in the Deepfake Detection Challenge Terms of Use. We utilize standard contract clauses approved by the European Commission and rely on the European Commission’s adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries.

Contact Information for individuals in the European Union only

Individuals in the European Union is Facebook Ireland Limited, which you can contact online, or by mail at:

Facebook Ireland Ltd.
4 Grand Canal Square Grand
Canal Harbour Dublin 2 Ireland

Contact the Data Protection Officer for Facebook Ireland Ltd.

You also have the right to lodge a complaint with Facebook Ireland’s lead supervisory authority, the Irish Data Protection Commissioner, or your local supervisory authority.