mark zuckerberg facebook ceo


Facebook’s new privacy review notice is meant to protect itself—not you

New regulations require consent to collect data.


Phillip Tracy


If there’s one lesson to take from Mark Zuckerberg’s exhausting marathon testimony before Congress this week, it’s that while Facebook offers controls for users to determine what information they want it to collect, they’re often too complicated and few people know they exist. Now Facebook is revealing those tools by forcing users to look over their privacy settings.

If this makes it appear Facebook learned something from the humiliation that rained down on it over the past few weeks, then think again.

First reported by Business Insider, the full-screen pop-up shows up on Facebook Messenger with a notice that reads, “Important Updates to Review. [Your name], please review your data settings by 25 May to continue using Messenger.” Selecting the “Review Now” option will reportedly take you to your privacy settings for the Facebook Messenger app on mobile, though it failed when Business Insider tried using it.

The company is simply covering itself before impending European privacy rules clamp down on its sketchy data collection practices next month. It’s the same reason Facebook is overhauling its privacy controls by folding them into a single, easy-to-read menu.

For those who aren’t familiar, the European Union recently passed the General Data Protection Regulation (GDPR), a law designed to give users greater control over how their data is harvested online. Under the GDPR, companies must make it easier to see what data they collect on users, protect that data from misuse, and notify users if their data is ever compromised.

For tech giants, especially those that rely heavily on data for ad revenue—like Facebook and Google—the GDPR passing into law is a nightmare scenario. That’s because they now have until May 25 to comply with the strict regulations. The maximum fine for failing to obey the rules is 4 percent of a company’s global annual turnover, or €20 million, whichever is greater. Additionally, other data protection agencies can impose smaller fines on top of that. Of course, there are several considerations that determine the fees, including the number of people affected, whether it was intentional, and what actions were taken to mitigate the damage.

One of the main pillars of the GDPR regulation is consent, or the obligation of companies that collect data to clearly ask users whether they are happy handing over certain information, like their sexual orientation, religion, or health records. This appears to be Facebook’s way of complying with the rules, though it’s interesting to note the privacy settings are still opt-out. That is, Facebook collects data by default until the user proactively tells it not to.

In order to comply with GDPR rules on time, Facebook is reportedly preparing the largest team in its history, comprised of executives from various departments, Business Insider reports. Interestingly, a photo taken of Zuckerberg’s notes during his testimony to Congress suggests the company isn’t yet prepared for GDPR regulations. One section explicitly says “Don’t say we already do what GDPR requires.” While the pop-up message appears to be a step in the right direction, Facebook still has a lot of work to do, and the clock is ticking.

Share this article

*First Published:

The Daily Dot