Facebook has started to seek consent from users for targeted advertising, storage of sensitive information and application of facial recognition technology for the first time, as the European general data protection regulation (GDPR) is due to come into force in just over a month.
Although the company is only required to seek permission for EU users, it plans to roll them out to all Facebook users globally. The move follows Mark Zuckerberg’s stated goal to follow in the direction of GDPR worldwide.
In a post on the Facebook blog, the company said:
“As soon as GDPR was finalised, we realised it was an opportunity to invest even more heavily in privacy. We not only want to comply with the law, but also go beyond our obligations to build new and improved privacy experiences for everyone on Facebook. We’ve brought together hundreds of employees across product, engineering, legal, policy, design and research teams. We’ve also sought input from people outside Facebook with different perspectives on privacy, including people who use our services, regulators and government officials, privacy experts, and designers.”
EU users should expect a privacy notification in the coming weeks asking if they agree to the company’s updated terms of service, and to make specific choices in a number of areas defined by the new law.
According to the Facebook blog the options include:
“Ads based on data from partners. Ads on Facebook are more relevant when we use data from partners, like websites and apps that use business tools such as our Like button. We’ll ask people to review information about this type of advertising, and to choose whether or not they want us to use data from partners to show them ads.
“Information in their profile. If you’ve chosen to share political, religious, and relationship information on your profile, we’ll ask you to choose whether to continue sharing and letting us use this information. As always, including this information on your profile is completely optional. We’re making it easier for people to delete it if they no longer want to share it.
“Allowing face recognition technology. Our face recognition features help protect your privacy and improve your experiences, like detecting when others might be attempting to use your image as their profile picture and allowing us to suggest friends you may want to tag in photos or videos. We’ve offered products using face recognition in most of the world for more than six years. As part of this update, we’re now giving people in the EU and Canada the choice to turn on face recognition. Using face recognition is entirely optional for anyone on Facebook.”
However, some users say Facebook is attempting to railroad them in to giving consent under the new laws, rather than making it easy to make a meaningful choice.
If users want to decline the new permissions, they are not able to simply click “no”. Instead, all of the options are presented with a blue button reading “accept and continue” and a white button labeled “manage data settings”. The “manage data settings” button takes them to a second page where Facebook gives more information pushing them into accepting the change, and then a third page where they are able to opt out.
“Overall, it seems like Facebook is complying with the letter of GDPR law, but with questionable spirit,” wrote TechCrunch’s Josh Constine. “The subtly pushy designs seem intended to steer people away from changing their defaults in ways that could hamper Facebook’s mission and business.”