Facebook Privacy Debacle: Update

By Evelyn Donatelli

This update starts with events in the EU, the effects of which are being felt in the US. The European Union’s new data privacy regulations (known as GDPR) are set to go into effect May 25, 2018. These regulations will be the new standard until the US Congress decides to pass new legislation. Congress demanded a 10-hour public testimony from Zuckerberg (April 10-11), but has yet to indicate how it plans to move forward following that testimony.

What is Facebook doing to increase user privacy post-GDPR? Upon close inspection, the updates revealed this week do not appear to have increasing user privacy as their goal.

Starting this week, Facebook ($FB) asked users to agree to its new terms of service and data policies. But rather than minimizing features which jeopardize user privacy, Facebook is actually unveiling new potentially privacy-endangering features under the new EU regulations. In the EU, Facebook will now prompt users to opt in to the company’s use of facial recognition software, which Facebook previously had not used in Europe because of regulation concerns.

Facebook’s April 17 blog post announced its plans to start “complying with new privacy laws.” By this, Facebook means it will alert people to features the company already offers. The appearance and design of these alerts is what calls into question their actual purpose.

Issues with these alerts include design features (ease of accepting vs. rejecting Facebook’s request to access the data in question) and language which blatantly incentivizes opting in. As you may (or may not) have noticed while accepting Facebook’s new privacy alerts, the questions are framed in a way which only mentions the potential benefits to you of accepting Facebook’s access to your data.

This raises certain questions: how much control do regulations have over the steps companies take to correct privacy infringement? How much control should they have over the design of new features intended to address new regulations? The ideal balance between government interference and protection of user privacy here is unclear.