With the new GDPR Law, it’s Time to be Careful about your Personal Data on Facebook

Facebook has, for quite some time, been at the center of data breach controversies, especially since the Cambridge Analytica scam. With more and more advertisers pulling out of Facebook, the new GDPR law comes as another tricky situation for the widely popular social site.

The General Data Protection Regulation (GDPR), which came into effect on 25th May 2018, is a regulation on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside these areas. According to the law, “the GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.” Only when the data subject has given well-informed consent can data processors and controllers use the data for reasons beyond those for which they have a legal basis. As Information Commissioner Elizabeth Denham put it, “To meet the challenges I’ve described, we need to move from a mindset of compliance to a mindset of commitment: commitment to managing data sensitively and ethically.”

This has caused major disruptions to a host of businesses, apart from the obvious ad tech industry. Many websites have blocked EU users entirely, while some have redirected them to a toned-down version of their website to fall in line with the law without disrupting their current operations. According to Wikipedia, sales volume of online behavioral advertising placements in Europe fell 25–40% on 25 May 2018.

When we talk about Facebook in terms of GDPR, it is important to first review our own awareness and actions related to safeguarding our data on the social site. When was the last time you checked the privacy settings on your Facebook profile? Do you thoroughly review the posts you are tagged in, or the posts you create, before sharing them on your timeline? The statistics on general user awareness of Facebook privacy disturbingly show how little people understand the gravity of the issue.

25% of people have kept most of their posts open to public viewing, while 28% have kept some of their posts public. In a bid to be popular on Facebook, people have lost sight of the potential misuse of their personal information, not just by the site but also by other people. We have been so laid back about our own security that 50% of people have never tried to use the “View As” feature on Facebook to recheck what information about them is available for public viewing. Also, as many as 61% of people are not aware of the third-party applications that have access to their Facebook accounts.

Facebook made slight amendments to its privacy policy but remains largely unaffected because, for the most part, it does have the “consent” of the data subject, thanks to its very complicated privacy settings, to which most unsuspecting individuals simply press “I Accept”. According to TechCrunch.com, “First up is control of your sensitive profile information, specifically your sexual preference, religious views and political views. As you’ll see at each step, you can hit the pretty blue ‘Accept And Continue’ button regardless of whether you’ve scrolled through the information. If you hit the ugly grey ‘Manage Data Setting’ button, you have to go through an interstitial where Facebook makes its argument trying to deter you from removing the info before letting you make and save your choice. It feels obviously designed to get users to breeze through it by offering no resistance to continue, but friction if you want to make changes.” Yet Facebook claims to be making the privacy amendments not just for EU countries but globally, to align with the GDPR. This just means that the privacy settings and consent walkthroughs are going to be trickier than ever, with the ultimate motive of exhausting the user until they give up halfway and click that accept button. This frees Facebook from any data breach allegations, from any country in the world, in the future. Surely, GDPR comes as a blow to third-party apps that misused Facebook data, but how sure can we be about Facebook itself not misusing our data under the pretext of new privacy changes?

Did you know that 93% of marketers use Facebook advertising regularly, which translates to about 3 million businesses?

Nonetheless, ever since 2016, when GDPR was made and Cambridge Analytica breached the privacy of nearly 87 million Facebook profiles, there has been a fall in the number of advertisers on Facebook, which has significantly affected CPC rates in general. However, some advertisers claim to have had a higher number of conversions since the rollout of GDPR. With consent forms now required, only relevant people click the ads or sign up with the respective business, which greatly increases the chances of conversion. As they say, quality is always better than quantity. From an advertiser’s perspective, this has been a favorable turn of events, provided they are based outside the EU, as they are able to achieve a greater ROI with lower expenditure, due to the fall in click rates in general.

To sum up, while there might be a short-term gain brought about by GDPR, in the long haul we are going to see Facebook, and eventually other data-related websites, create a tighter trap around our data in the name of legislation, by making the most of the loopholes in the regulation and finding means to monetise it.

We can only wonder about living in a world where our online personal data is as secure as a locker in our apartment. Until then, we just need to stay alert!

Abhishek Singh

Abhishek Singh is the Co-founder of Beeing Social.
