Facebook and GDPR: EU Responds to SOS with GDPR.
This is part three of a multi-part series, The Facebook Dossier, researched, reported, and compiled by Acreto IoT Security.
It’s important to understand the relationship between the social giant and the increasing momentum of regulations – let’s look at Facebook and GDPR.
The social giant has successfully paralyzed US regulators for years. There is a distinguishable difference between how US lawmakers and regulators approach privacy and how their European Union (EU) counterparts do. With the elimination of net neutrality, the United States is on a crash-and-burn path with regard to regulations. The EU has taken the complete opposite approach. The General Data Protection Regulation (GDPR), although not perfect, is more aware of the digital challenges ahead and is taking steps to address them.
Here is a quote by Lawrence Blakeman, CEO at QuaEra (qua-ERA) Insights and an industry expert on analytic technologies:
“Facebook is often both hyper aggressive and tone-deaf to privacy concerns in their data collection efforts. Without the extraordinary circumstances of the 2016 elections, it’s doubtful they would be as ‘forthcoming’ as they have been. The push from the European regulators with GDPR actually benefits many American users of the service as well.”
The recently implemented GDPR is a sweeping set of rules and regulations intended to give citizens more control over their personal data. Facebook, as a data handler, falls into both categories of data controller and data processor. According to Facebook’s website:
A company is a data controller when it has the responsibility of deciding why and how (the ‘purposes’ and ‘means’) the personal data is processed.
Under the GDPR, data controllers have to adopt compliance measures to cover how data is collected, what it’s used for and how long it’s retained. They also need to make sure people can access the data about them.
Data controllers must ensure data processors meet their contractual commitments to process data safely and legally.
A company is a data processor when it processes personal data on behalf of a data controller. Under the GDPR, data processors have obligations to process data safely and legally.
While Facebook operates the majority of our services as a data controller, there are some instances in which we operate as a data processor when working with businesses and other third parties.
Facebook and GDPR have a tricky relationship. The social giant stated that it spent a year and a half preparing to meet GDPR requirements, and right off the bat, it got slammed—hard. On day one, Facebook and two of its subsidiaries—Instagram and WhatsApp—were hit with multiple lawsuits regarding their use of personal data and communication around information-sharing consent. The lawsuits were spearheaded by Austrian lawyer and privacy activist Max Schrems.
The Norwegian Consumer Council released a report on June 27, 2018, titled, “Deceived by Design: How Tech Companies Use Dark Patterns to Discourage Us from Exercising Our Rights to Privacy,” which states in part:
In the example of face recognition, however, Facebook effectively hides privacy-intrusive default settings from the user. Despite the headline “Turn on face recognition if you want us to use this technology”, users who want to change the setting and turn on face recognition, do not have to do anything except click “Accept and continue”. Users that want to keep face recognition turned off, have to go into the settings and actively select off. For the many who do not click manage data settings, the least privacy friendly choice is in fact pre-selected. Note that choosing the most privacy friendly option requires four more clicks than the least privacy friendly option. That neither option is pre-selected once one has clicked through from “Manage data settings”, only sugar-coats the fact that the least privacy friendly option in fact is pre-selected through the design.
Next up in the Facebook Dossier – listen to “A Checkered History with the Truth”.