Facebook Rolls Out European-Style Privacy Protections
By David Jones, TECHNEWSWORLD
April 19, 2018
Facebook on Tuesday unveiled a comprehensive series of privacy enhancements designed to extend protections required by the European Union's General Data Protection Regulation to all of the social media company's users around the world.
The updates, which include major changes to the company's terms and data policies, fulfill promises CEO Mark Zuckerberg made to House and Senate members in Washington D.C., Facebook officials said.
The congressional grilling followed disclosures that Facebook had allowed political data firm Cambridge Analytica to gain unauthorized access to the personal information of as many as 87 million users.
"We not only want to comply with the law, but also go beyond our obligations to build new and improved privacy experiences for everyone on Facebook," Chief Privacy Officer Erin Egan and Deputy General Counsel Ashlie Beringer wrote in an online post.
Users now have the option to control several aspects of the data they share with advertisers and other users, including the following:
- to choose whether they want Facebook to show them ads based on data from partners, for example websites and ads that use tools like the Facebook Like button.
- to notify Facebook if they want to share and use information in their profile, like relationships, religion or political views.
Facebook has given users in the EU and Canada the right to turn on facial recognition technology, which can be used to detect when others might attempt to use your image as their profile photo without your consent, for example.
Facial recognition also is used to suggest friends to tag in group photos or videos. The tool is entirely optional for all users.
Facebook will ask users to agree to its new service and data policy. It will maintain its pledge not to sell data, which Zuckerberg insisted repeatedly during the congressional hearings that Facebook does not do.
Users in the EU will see specific details that are relevant only to affected countries, including information on how to contact Facebook's Data Protection Officer, Facebook's Egan and Beringer noted.
Users in the EU will start to see those updates ahead of the GDPR implementation on May 25, and users elsewhere will see the changes later in the year.
The chief technology officer at Facebook is scheduled to testify in the British House of Commons next week, before a committee investigating the fake news phenomenon. It was that committee's hearings that led to a whistleblower disclosing Facebook's unauthorized sharing of millions of privacy records with Cambridge Analytica.
The committee indicated it might issue a summons to suspended Cambridge Analytica CEO Alexander Nix, who was scheduled to testify a second time this week but backed out at the last minute.
New Facebook settings and privacy shortcuts announced last month will be rolled out this week. The company has new tools that let users see their information and download it to their computers.
Facebook also has put in place more protections for teens, including restrictions on the types of ads that target them, and limits on the use of facial recognition for those under age 18. Also, the number of users who can see a teen's hometown or birthday is limited.
Under the EU's GDPR, users between the ages of 13 and 15 in certain EU countries need parental permission to use certain features, including advertising based on data from partners, and religious or political views.
While the changes are a step in the right direction, Congress still needs to take action to ensure legal privacy protections that have enforcement mechanisms to back them up, suggested Allie Bohm, policy counsel at Public Knowledge.
"Are they doing things to keep the heat off of them? I think yes," she told TechNewsWorld.
Facebook has a history of making promises about improving privacy protections and then going back on them, Bohm said, noting that privacy enhancements based on the GDPR amount to "low hanging fruit." Rolling them out now allows the company to give the appearance of comprehensive privacy protection.
It's unlikely that the U.S. Congress will pass any comprehensive legislation before the November midterm elections, as there is little floor time left before House and Senate members will be deep into fundraising and campaigning for re-election, Bohm pointed out.
In addition, controversial bills tend not to get much traction right before major election cycles, she added.
Facebook's latest privacy enhancements appear beneficial on the surface, said John Simpson, privacy and technology policy director at Consumer Watchdog.
However, based on the screen grabs posted by Facebook, they seem to be designed for mobile users, he noted, and they don't appear to make it very easy for users to get complete control over their options.
"I'd be very interested to see what sort of data management options they're going to give you if you go to Facebook on a computer," Simpson told TechNewsWorld.
Privacy protections need serious teeth, so that agencies like the FTC can levy fines, he said. That's what provides real incentives for social media companies to adhere to the data protections they promise.
"We really do need some serious bright line privacy regulation in the U.S.," said Simpson, "so if companies cross that line they can be held accountable."
David Jones has been an ECT News Network reporter since 2015. His areas of focus include cybersecurity, e-commerce, open source, gaming, artificial intelligence and autonomous vehicles. He has written for numerous media outlets, including Reuters, Bloomberg, Crain's New York Business and The New York Times. Email David.