Facebook is introducing new privacy controls to each of its 2 billion users as part of compliance with the EU’s General Data Protection Regulation (GDPR) that will come into effect on May 25th. Facebook will ask every user, regardless of where they live, to review their privacy choices, from the information they add to their profile to how Facebook uses their data to target ads. The company is also announcing the return of facial recognition to Europe and Canada after courts ruled seven years ago that Facebook’s photo-tagging system collected biometric data without proper user consent. The new controls will roll out to European users first, starting this week, and will expand to all users globally afterward, Facebook said in a blog post.
CEO Mark Zuckerberg had kind-of-sort-of indicated that Facebook would extend its European data protection controls globally. In compliance with GDPR, Facebook will present users with the option to accept or manage their relevant data settings. The social networking service will ask users whether or not they want to continue sharing political, religious, and relationship information in their profile, for example, and make deleting profile information easier. Users in the EU will begin to see the permission screens this week, while users in the rest of the world will be asked at a later, unspecified date. Under GDPR rules, companies are subject to penalties if they use or collect personal information without consent. European users will also see contact details for Facebook’s Data Protection Officer, which is a requirement under GDPR.
Facebook also said it will ask users to review and choose whether or not they want Facebook to use data from partners to show ads (partners like websites and apps that use Like buttons). “Facebook is an advertising-supported service,” said Facebook deputy chief privacy officer Rob Sherman at a press briefing. “All ads on Facebook are targeted to some extent, and that’s true for offline advertising, as well.”
Users in the EU and Canada will be given a new choice to opt-in to Facebook’s facial recognition products. (Courts in Canada and the European Union have previously ruled that Facebook’s photo-tagging system violated privacy law.) In addition to the benefit of seeing who’s posting photos of you, Facebook is positioning face recognition as a security mechanism by allowing the company to detect others attempting to use your image as their profile picture. Facebook, of course, benefits by having access to important biometric data.
The facial recognition products have been contentious, and Facebook stresses that they are entirely optional for users to enable. Earlier this week, a federal judge in the US ruled that Facebook must face a class action lawsuit (and the potential of billions in fines) over its Tag Suggestions feature, a facial recognition tool that the lawsuit alleges violated Illinois law by storing biometric data without consent when it was first introduced.
Facebook is also rolling out protections for teens in compliance with GDPR. “Even where the law doesn’t require this, we’ll ask every teen if they want to see ads based on data from partners and whether they want to include personal information in their profiles,” Facebook said in the blog post. Young people between 13 and 15 in some EU countries will need permission from a parent or guardian under GDPR to enable targeted ads or to add information like “interested in” to their profiles. Facebook said that teenagers in this age bracket will see a “less personalized” version of Facebook with limited sharing options until they get consent. Facebook’s Settings and Privacy shortcuts it introduced last month to comply with GDPR will also start showing up this week.
Facebook has faced intense scrutiny over the past few months after bombshell reports revealed analytics firm Cambridge Analytica misused user data from as many as 50 million Facebook users. Zuckerberg has testified before Congress as a result, while the company has also taken out full-page newspaper ads apologizing for the scandal.