On April 4, Facebook updates or rather clarified its data use policy
On April 10, it launched the Data Abuse Bounty program rewarding users with $500 minimum for reporting data abuse
On April 17, Facebook announced compliances with EU’s GDPR to start with, which will be rolled out to everyone
It all started with the Cambridge Analytica controversy where Facebook came under fire for leaking the personal data of 87 million users to the data analytics company, which had a hand in the US elections. Facebook’s CEO Mark Zuckerberg also appeared in front of the US Senate for a two-day testimony, which implies regulations are coming for the social media behemoth that also owns Instagram, WhatsApp and Oculus.
Now, Facebook has announced new ‘privacy experiences’ for its users in compliance with GDPR. But, the company is going one step further to make these applicable to all users – not just Europeans. However, the changes will begin rolling out in Europe first.
“As soon as GDPR was finalized, we realized it was an opportunity to invest even more heavily in privacy. We not only want to comply with the law, but also go beyond our obligations to build new and improved privacy experiences for everyone on Facebook,” say Erin Egan, vice-president and chief privacy officer, Policy and Ashlie Beringer, vice-president and deputy general counsel in a blog post.
The post also adds that the changes are based on input from outsiders including regulators and government officials; although the specific governments and regulators have not been mentioned.
Let’s take a look at some of the changes:
Ads based on data from partners like websites and apps
What Facebook says: We’ll ask people to review information about this type of advertising, and to choose whether or not they want us to use data from partners to show them ads.
What it does not say: What exactly ‘review information’ means and how much control users have over these partners collecting the data in the first place
What Facebook says: If you’ve chosen to share political, religious, and relationship information on your profile, we’ll ask you to choose whether to continue sharing and letting us use this information. As always, including this information on your profile is completely optional. We’re making it easier for people to delete it if they no longer want to share it.
What Facebook doesn’t say: This is pretty good for everyone except US users. As TechCrunch pointed out, “In the US, political views alongside political Pages and Events you interact with impact your overarching personality categories that can be targeted with ads. You can opt out of being targeted by those too. But your only option here is either to remove any info you’ve shared in these categories so friends can’t see it, or allow Facebook to use it to personalize the site. There’s no option to keep this stuff on your profile but not let Facebook use it.”
Allowing face recognition technology
What Facebook says: Our face recognition features help protect your privacy and improve your experiences, like detecting when others might be attempting to use your image as their profile picture and allowing us to suggest friends you may want to tag in photos or videos. As part of this update, we’re now giving people in the EU and Canada the choice to turn on face recognition.
What Facebook doesn’t say: The facial recognition technology was banned in the EU, UK and Canada around 2012. In fact, it is currently in a class action lawsuit in the US for unauthorized use of the technology. The BBC reports that the lawsuit alleges that Facebook gathered biometric information without users’ explicit consent, which breaches the Illinois state law.
Parental controls for teens
What Facebook says: We’ve built many special protections into Facebook for all teens, regardless of location. For example, advertising categories for teens are more limited, and their default audience options for posts do not include “public.” We also keep face recognition off for anyone under age 18 and limit who can see or search specific information teens have shared, like hometown or birthday.
Under GDPR, people between the ages of 13 and 15 in some EU countries need permission from a parent or guardian to allow some features on Facebook — seeing ads based on data from partners and including religious and political views or “interested in” on your profile. These teens will see a less personalized version of Facebook with restricted sharing and less relevant ads until they get permission from a parent or guardian to use all aspects of Facebook. Even where the law doesn’t require this, we’ll ask every teen if they want to see ads based on data from partners and whether they want to include personal information in their profiles.
What Facebook doesn’t say: The process of verifying parental consent is rather unclear. From what it currently seems, teens just need to select a Facebook friend or enter an email address, who will be asked to give consent. There’s no way of actually checking if that person is a parent.
There are several other changes too announced on the blog, which will be updated in time.
Although it seems that Facebook is trying to address users’ – and governments’ data privacy concerns – most of its efforts have been criticized by users as being superficial. For instance, when going through the Security Check, the ‘Accept’ button is the biggest with either a tiny cross to close or a not very visible ‘See your options’ hyperlink in case you don’t want to accept.