Facebook pretends to comply with GDPR

[fisicx]

Well worth the read

https://www.theregister.co.uk/2018/04/18/facebook_privacy_settings/

For those with an inability to read anything longer than a tweet: facebook makes it really really difficult to opt out of data slurping.

 

[Keith Budden]

I think the article is a bit hard on Facebook to be honest.

It is certainly true that everything should be 'opt-in' whereas in a number of areas Facebook has instead gone for 'opt-out', but I'm surprised how many people don't realise the volume and type of data Facebook holds (it's not alone on the messaging front by the way, Google scans gMail messages for prompts as to what adverts you might be most responsive too).

But to say Facebook 'pretends' to comply is not really fair - it would be better to say that in some areas it is compliant and in others (at the moment at least) it isn't. That said, the whole situation has moved on markedly since the Cambridge Analytica debacle, before that Facebook was 100% non-compliant, now it is gradually moving towards compliance and I suspect by the time we get to May 25th, it will be as compliant as many other US (and indeed EU/UK businesses) - i.e. on the journey to GDPR compliance but not yet at the destination.

 

[fisicx]

Except they have now moved all your data to California so they no longer have to comply with GDPR. Facebook doesn’t want to to give up its income. And to keep earning money they need your data. So they aren’t going ever have opt out as the default setting.

It’s why I don’t use gmail either.

 

[Keith Budden]

If it's data re EU citizens it doesn't matter whether they are storing it in Lewisham, Venice, Los Angeles or the Moon, they still fall under GDPR, it's where the person is that is the overriding factor, not where the data is.

 

[OMGVape]

What can the EU do if Facebook don’t comply? If they block Facebook the teenage suicide rate will go through the roof.

 

[Keith Budden]

Theoretically at least the EU Information Commissioners could take two possible actions - one they could mount a criminal case against Facebook, and given that the maximum penalty is 4% of global turnover or €20 million whichever is the greater (and in the case of Facebook that puts the maximum penalty somewhere around $1.2 billion, so this is a high stakes game), or they could ban Facebook from handling personal data of EU citizens, i.e. essentially Facebook would have to remove all EU citizens from its user base.

I suspect in reality it will come down to brinksmanship - a case of staring each other out to see who blinks first..... although noises from the UK ICO a week or so ago implied that Facebook had agreed to comply with GDPR (or be substantially on the way to complying) by 25th May.... could be some interesting times ahead....

 

[money road]

• Sorry guys, but this is just business, nothing more.
• If there will be no data, there will be no business.
• The purpose of every website is to make money.
• If you are soo afraid of your data protection on facebook, why just not to delete Fb account?

 

[fisicx]

although noises from the UK ICO a week or so ago implied that Facebook had agreed to comply with GDPR (or be substantially on the way to complying) by 25th May

They have got round this by moving all the accounts to California.

https://www.theregister.co.uk/2018/04/19/facebook_shifts_users/

But the FTC says everything is OK:

https://www.theregister.co.uk/2018/04/21/facebook_privacy_audit_finds_everything_is_awesome/

 

[Keith Budden]

If you read the Register article again you will see it is only the Non-EU users accounts it has moved to California. That makes sense as GDPR won't apply to them anyway.