My point is that it would be naive to believe that a company whose revenue depends on exploiting user data has internal measures in place to ensure the safe handling of that data. In fact, their actions over the years effectively prove that to not be the case.

So whatever they claim publicly, and probably to their low-level employees, is just marketing to cover their asses and minimize the impact to their bottom line.

What would be the cost of setting safeguards and firing employees that cross the line? Feel like an access control system would be fairly easy to build and firing employees is not a huge deal nowadays.

You claim it’s all talk, but it’s not much more effort to walk the walk. It doesn’t hurt profits to do it.