A few months before the EU enacts substantial new privacy rules, and just in time for Data Privacy Day, Facebook has both revamped privacy controls for users to make them simpler and published its internal “privacy principles”, which detail the company’s commitment to protecting user data.
Europe’s General Data Protection Regulation (GDPR), made law last April and enforceable beginning this May, heightens the privacy standards for all companies that collect data from EU citizens. It mandates companies inform people how their data is collected, whether it’s sold or shared, requires consent before data collection, and sets a strict 72-hour deadline for companies to make the public aware of data breaches. (Compare that to Uber, which infamously sat on knowledge of a data breach for over a year.)
What concerns Facebook the most is likely the sanctions. Violating the GDPR comes with enormous fines: Up to four per cent of the company’s annual global revenue. For Facebook, that could mean billions. In 2017, Facebook was fined €110 million ($168 million) by the European Commission for “misleading” users about how data is shared between Facebook and WhatsApp. To remove any ambiguity about whether it’s taking this law seriously, Facebook’s internal privacy principles and fuller privacy breakdown seem tailored to the terms of the GDPR.
Among Facebook’s principles is “You own and can delete your information.” Sure enough, the law has “right to access” and “right to erasure” clauses requiring that companies let people download their own data and fully delete their information as well. (Assuming, of course the government doesn’t want it for an investigation.) “We give you control of your privacy” is another of Facebook’s newly public principles. So, yes, Facebook has created an annotated privacy control hub (upon threat of heavy fines).
This means some friendly headlines for Facebook, of course, but there’s something unsettling about how the company is treating regulation as absolution for its many privacy foibles (to say nothing of the algorithmic black boxes or shadow profile system). Ultimately, it’s good Facebook is prioritising personal privacy like this, though it does little in the way of uncovering how secrecy is embedded in many of its business practices.