Facebook on Wednesday announced it is introducing “new privacy experiences” aimed at complying with European Union regulations that will give users worldwide a chance to opt out of some features that could expose their personal data.
“Everyone – no matter where they live – will be asked to review important information about how Facebook uses data and make choices about their privacy on Facebook,” said Erin Egan, Facebook’s chief privacy officer and Ashlie Beringer, deputy general counsel.
Egan and Beringer, both vice presidents, said the change was “part of the EU’s General Data Protection Regulation (GDPR), including updates to our terms and data policy.”
As NPR’s Yuki Noguchi reported, Facebook hinted at the new privacy controls last month.
Wired says that the GDPR goes into effect on May 25 “and will apply to any companies that collect or process data on individuals in the EU. They require that consumers give informed consent to how their data is being collected and used. Critics, however, say the consent process Facebook outlined relies on design tricks that encourage users to share their personal information widely.”
The move comes as the ubiquitous social media platform has come under fire from lawmakers in the U.S. and Europe over the spread of political disinformation and the use of user data to micro-target potential voters.
Facebook CEO Mark Zuckerberg, who offered congressional testimony last week, has also been asked to appear before the European Parliament.
“This case is too important to treat as business as usual,” EU Justice Commissioner Vera Jourova told an assembly of lawmakers, according to Reuters. “I advised [Facebook COO] Sheryl Sandberg that Zuckerberg should accept the invitation from the European Parliament … as a measure of rebuilding trust,” she said.
As part of the new privacy guidelines, Facebook said it will offer individual users:
- A choice of whether or not they want to use data from partners to show them ads.
- Whether to continue sharing political, religious, and relationship information on profiles.
- In the EU and Canada a choice of whether to enable face-recognition technology (it is already optional in the rest of the world, Facebook says).
In a statement to Wired, Facebook said, “We’re ensuring that all our products and services comply with the GDPR.”
However, Sandy Parakilas, a former Facebook operations manager, tells the magazine “Everything about the page is designed to manipulate you into doing the thing they want.”
“The goal of the design exercise is to get you to accept, and not go into your settings and turn things off,” she says, according to Wired.
As we reported earlier this week, a federal judge in California ruled that Facebook could be sued in a class-action lawsuit brought by users in Illinois who say the social media company improperly used facial recognition to upload photographs.
NPR’s Richard Gonzales writes:
“The suit seeks penalties of up to $5,000 for every time a user’s facial image is used without his or her permission. The judge said the potential damages could amount to billions of dollars.
“Facebook issued a statement saying it continued to believe that the lawsuit has no merit. It argued in court that individual plaintiffs should have to pursue their legal claims proving that they were ‘aggrieved’ and suffered an actual injury beyond an invasion of privacy.”
TechCrunch says Facebook has confirmed that it is looking into the matter.
“The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It’s unclear what these trackers do with the data, but many of their parent companies including Tealium, AudienceStream, Lytics, and ProPS sell publisher monetization services based on collected user data,” the tech site reports.