Attitudes to personal data are changing. The Cambridge Analytica scandal was a wake-up call for many users of Facebook and other social media platforms as they suddenly realized that highly personal information about them was being used in ways that they could never have imagined – and had never given permission for.
Facebook has launched a range of new tools in an effort to “put people in more control over their privacy” in the build up to new EU regulations that tighten up data protection.
The EU’s General Data Protection Regulation, or GDPR, went into effect on Friday, May 25. The regulations were written to benefit European citizens by giving them more control over the data that’s collected by online services. But in practice, the new rules will have widespread ramifications as even U.S.-based companies who handle the data of E.U. citizens try to make sure they’re in compliance.
The big thing here is consent. Facebook will ask users to say whether they agree to it using data from outside sources to target them with ads, and it will check whether it’s okay for Facebook to make use of people’s political, religious, and relationship information.
The company will also ask users whether they’re fine with having their faces analyzed with Facebook’s facial recognition tech. Currently, it only uses this technology outside the EU and Canada—Facebook did use facial recognition on people in the EU before 2012, but in that year privacy regulators cracked down on the practice due to a lack of real consent on the part of users.
Some of the key provisions of GDPR include: the requirement that all privacy options be set to maximum by default; that personal information is not shared without explicit consent; that companies give complete disclosure about what data is being collected and why; the right of citizens to access the personal data a company has on them; and the right to have that personal data be deleted if a citizen asks it to be.
GDPR threatens to fine firms up to 4 percent of annual global turnover or 20 million euros ($23.5 million), whichever is the larger amount. It forces companies to be clearer on consent to use and share customer data and allows consumers to request that firms delete all information companies have on them — known as the “right to be forgotten.”
“These are values that we’ve always shared for Facebook’s whole existence,” Zuckerberg said at the Viva Technology conference in Paris.
“A huge part of what we do is make sure that people have the tools to share information, whether that’s a photo that you care about or a message with exactly the people who you want to share it with. So that way we can get to what we really care about, which is helping people connect.”
Zuckerberg’s statements indicate that the progressive, privacy-first legislation passed in the European Union will benefit everyone. The inability to make unilateral changes to people’s privacy and the right to erasure could hamper some of Facebook’s ability to roll out new products and require it to build stronger systems to comply with user requests. But given how much Facebook earns from our data, making it jump through some hoops to give users more security seems like a reasonable tradeoff.