- Bug lets Twitter save your DMs—even after you delete them Friday 7:21 PM
- Guy mansplains song to Japanese Breakfast, the female artist who wrote the song Friday 6:38 PM
- Ann Coulter’s Twitter bio links to a vulgar parody account Friday 5:22 PM
- Popular YouTube music channel gets income yanked for ‘repetitious’ content Friday 4:14 PM
- New website will endlessly generate fake faces thanks to AI Friday 3:41 PM
- Man fakes getting stood up at Outback Steakhouse Friday 3:03 PM
- FCC looks to tackle robocalls and spoofed texts Friday 2:57 PM
- How to protect yourself from the data breach that affected 744 million accounts Friday 12:56 PM
- How to stream Rob Brant vs. Khasan Baysangurov online for free Friday 12:21 PM
- No, Ocasio-Cortez doesn’t have her boyfriend on her payroll Friday 12:20 PM
- Writers want this book canceled for misgendering its protagonist Friday 12:15 PM
- Trump Jr’s meme about his dad’s border wall doesn’t get how Congress works Friday 11:44 AM
- FBI reportedly looking into Ryan Adams’ communications with underage girl Friday 11:25 AM
- Trump does Chinese accent, declares national emergency, bewilders the internet Friday 11:21 AM
- Chrissy Teigen throws shade at Logan Paul-Kaitlin Bennett pairing Friday 10:48 AM
Facebook is tricking users into signing its new terms of service, lawsuit alleges (updated)
Brian Solis/Flickr (CC-BY)
The social giant may be in violation of the GDPR.
A lawsuit, filed by NOYB, a non-profit digital rights organization led by privacy activist Max Schrems, explains how two red “pending” notification dots appear on the message and notification icons when users are shown the new terms of service. They have to agree to the documents, handing Facebook their personal data, in order to investigate those alerts. The complaint says the icons will appear even when there are no notifications.
The General Data Protection Regulation (GDPR) is a strict set of rules passed by the E.U. that gives users more control over their data.
Facebook, for its part, told the Daily Dot that the red notification icons are generic visuals meant to reassure users that the terms they’re agreeing to do, in fact, come from the social platform. The icons were supposedly added so people wouldn’t suspect they were agreeing to a phishing notification.
The company also provided a more detailed statement about its approach to the GDPR.
“We have prepared for the past 18 months to ensure we meet the requirements of the GDPR,” said Erin Egan, Facebook’s chief privacy officer. “We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information. Our work to improve people’s privacy doesn’t stop on May 25th. For example, we’re building Clear History: a way for everyone to see the websites and apps that send us information when you use them, clear this information from your account, and turn off our ability to store it associated with your account going forward.”
Users are not required to agree to its updated data policy, but they must agree to the terms of service in order to use Facebook.
NOYB believes Facebook is in violation of article 5 of the GDPR, which states personal data should be “processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).” Gaining clear consent from users to collect their data is among the core tenants of the GDPR. Companies that violate the new privacy regulation face fines of up to 4 percent of their annual turnover. In Facebook’s case, that adds up to €1.4 billion, or about $1.63 billion.
The claims against Facebook for its peculiar method of allegedly getting users to click through the terms of service is one in a series of complaints filed against the social network on May 25, the day the GDPR went live. Google was also caught in the flurry of lawsuits aimed at the two largest advertising players on the internet. Schrems claims the company’s use of checkboxes to agree to data sharing is in violation of the GDPR’s itemized consent, which says users should be able to pick and choose what they agree to.
Schrems told the Financial Times that the company’s updated terms were far from GDPR-compliant: “They totally know that it’s going to be a violation. They don’t even try to hide it,” he said.
However, Facebook doesn’t believe it’s in violation of the privacy laws.
The GDPR forces companies that do business in the E.U. to adopt new privacy and security practices. Over the past months, tech firms have scrambled to release new terms of service that comply with the regulation, while others have abandoned the E.U. altogether to avoid steep penalties.
Among those not willing to take the risk are popular newspapers under Tronc and Lee Enterprises media publishing groups, including the Los Angeles Times, the New York Daily News, and Chicago Tribune.
The spotlight has been pointed squarely at Facebook after it was revealed to have failed to prevent a political data firm from manipulating the personal information of 87 million users. During CEO Mark Zuckerberg’s testimony before Congress, Facebook was frequently criticized for its lengthy, convoluted privacy agreements and terms that force users into an all-or-nothing decision. Under the GDPR, the social giant will need to be more transparent and flexible with how it asks users to hand over their data—or it could face substantial fines.
Editor’s note: This story has been updated for clarity and context.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.