Facebook’s users will soon be asked to make choices about how they want their data to be used, as the social network tweaks its service.
This isn’t about calming people down after the Cambridge Analytica scandal; these are changes that Facebook already has to make in order to comply with the European Union’s sweeping new privacy law, the General Data Protection Regulation (GDPR), and has decided to roll out to users globally.
The big thing here is consent. Facebook will ask users to say whether they agree to it using data from outside sources to target them with ads, and it will check whether it’s okay for Facebook to make use of people’s political, religious, and relationship information.
The company will also ask users whether they’re fine with having their faces analyzed with Facebook’s facial recognition tech. Currently, it only uses this technology outside the EU and Canada—Facebook did use facial recognition on people in the EU before 2012, but in that year privacy regulators cracked down on the practice due to a lack of real consent on the part of users.
“While the substance of our data policy is the same globally, people in the EU will see specific details relevant only to people who live there, like how to contact our Data Protection Officer under GDPR. We want to be clear that there is nothing different about the controls and protections we offer around the world,” Facebook’s chief privacy officer and deputy general counsel, Erin Egan and Ashlie Beringer, wrote in a blog post.
So will these changes make Facebook compliant? That remains to be seen—the EU’s privacy regulators no doubt will be studying them closely—but it certainly seems like Facebook is trying to steer people towards giving it as many permissions as possible.
When presented with options, users will see a bright blue box reading “accept and continue,” and a less conspicuous box above it that reads “manage data settings.”
As TechCrunch’s Josh Constine, a journalist given a preview of the settings at Facebook HQ, wrote: “Facebook’s consent flow starts well enough with the screen above offering a solid overview of why it’s making changes for GDPR and what you’ll be reviewing. But with just an ‘X’ up top to back out, it’s already training users to speed through by hitting that big blue button at the bottom.”
When asked to accept or decline Facebook’s new terms of service, which have been redesigned in line with the GDPR, users will see a big blue button marked “I accept,” while the option to decline the terms is almost invisible, and marked “See your options.” This is unlikely to please the EU regulators.
And if those regulators end up deciding that Facebook still hasn’t fallen in line, the company could face fines as high as 4% of its global annual revenues. Based on last year’s revenues, that would be a whopping $1.6 billion.