The EU regulation also places some restrictions on the practice of using data to profile individuals if the data is sensitive data — such as health data, political belief, religious affiliation and so on — requiring an even higher standard of explicit consent for doing so.
And of course, with the Cambridge Analytica data misuse scandal, we’ve seen how massive amounts of Facebook data were expressly used to try to infer US voters’ political beliefs.
Let’s not forget that Facebook itself ploughs its own resources into engaging politicians to use its platform for campaigning too. So perhaps it’s worried it might risk losing this chunk of elite business in the US if American Facebook users have to give explicit consent to their political leanings being fair game for ad targeting purposes. (And when many people would probably say ‘no thanks Mark; that’s none of your business’.)
But, as I say, we can but speculate what kind of GDPR carve outs Zuckerberg has planned for users on his home turf at this stage. The regulation comes into force on May 25 — so Facebookers don’t have long to wait to play a game of ‘spot the privacy standard discrepancy’.
What’s most curious about the Facebook founder demurring on an universal application of GDPR is the timing of it — in the midst of arguably the company’s biggest ever privacy scandal.
And if he feels North Americans’ privacy can be handled as a backburner consideration even now, by revealing he plans to work really hard to make sure domestic Facebook users are given second tier privacy status below everyone else in the rest of the world, well, you have to question the authenticity of his recent apology for the “mistakes” that he claimed led to the Cambridge Analytica scandal.
Facebook was actually warned over app permissions in 2011, as we’ve reported before. Yet it did not shut down the developer access that was used to pass personal data on 50M+ Facebook users to Cambridge Analytica until mid 2015. So, frankly, if that was a mistake, it was a very, very, slow moving one.
Some might say it looks rather more like reluctance to comply with data protection standards.
Here’s one of the core architects of GDPR — European MEP Jan Philipp Albrecht — asking the key question now: How long will consumers in North America take being put in privacy coach class? Over to you…