Earlier this week Facebook CEO Mark Zuckerberg responded to criticism on data privacy from his counterpart at Apple, Tim Cook, by tartly observing:
I think it’s important that we don’t all get Stockholm Syndrome and let the companies that work hard to charge you more convince you that they actually care more about you.
Yesterday Zuckerberg gave an interview to Reuters that suggests that when it comes to data privacy protection, Facebook might indeed care less than Apple.
For while Apple has committed to extending the protections offered to European Union (EU) users in the forthcoming GDPR (General Data Protection Regulation) to all of its customers, it looks as though Facebook’s U.S. consumers won’t get the same benefit.
Zuckerberg told Reuters that he agreed “in spirit” with GDPR and would aim to deliver policies that would mirror some aspects of it, but fell short of full alignment:
We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing.
He added that aspects of GDPR, such as the right to erase information, already come built-in with Facebook:
We think that this is a good opportunity to take that moment across the rest of the world. The vast majority of what is required here are things that we’ve already had for years across the world for everyone.
Facebook boasts 2.2 billion users worldwide, only 17% of whom are in EU states.
GDPR isn’t likely to be good news for Facebook’s bottom line. It provides consumers with much more control over what use social media platforms can put their data to. Companies like Facebook that are dependent on collecting and manipulating personal data to drive targeted advertising will find themselves paying out to stick within the law and to obtain consent from users.
It will also allow users in EU countries to transfer their data wholesale to other social networks if they’re not happy with how their current platform is behaving. Given Facebook’s current PR problems, that’s not a happy state of affairs.
Failure to comply with GDPR exposes companies with a fine of €20 million or four percent of global annual turnover, whichever is greater.
Facebook has taken one action in relation to GDPR when it announced that it is shutting down its Partner Categories program which allows advertisers to target users by users data from Facebook and from a number of third parters, so-called data brokers.
In an email to its data broker partners, Facebook confirmed that phasing out of EU third-party data will kick off from 25 May, the day GDPR enters into law:
May 10: After this date, you will no longer be able to create or edit campaign using Partner Categories built on audiences from the UK, Germany, and France; however, they will be allowed to continue running until May 24. May 25: Facebook will no longer deliver to Partner Categories built on audiences from the UK, Germany, and France, and these targeting options will no longer be available for use on the platform.
There is a lot of pressure from civil rights activists in the U.S. to get tech and social media firms to commit to providing states-side users with the same rights as their European counterparts. Reuters cites Jeff Chester, Executive Director of the Center for Digital Democracy, as stating:
We want Facebook and Google and all the other companies to immediately adopt in the United States and worldwide any new protections that they implement in Europe.
There are those who are taking a lead here. Apple has committed to update its website to make it easier for users get a copy of their data, request a correction to their data, deactivate accounts and delete their accounts, all requirements of GDPR. Ryan Ernst, Apple’s Data Protection & Privacy Officer, said:
We're proud to be able to comply with GDPR. We’re not going to traffic in your personal life. Privacy to us is a human right, a civil liberty.
Other enterprise tech providers have begun talking more about GDPR in recent months. Salesforce President Keith Block recently made a point of flagging up GDPR when he said:
We welcome the GDPR as an important step for customers to strengthen their privacy programs, and we are committed to helping our customers prepare for it every single day.
Box CEO Aaron Levie is confident that his firm has put the necessary GDPR preparations in play:
Our focus, really as soon as we pivoted into the enterprise over a decade ago and certainly ramping up over the past 3 to 5 years, has been on compliance and security and privacy in a much deeper way than the rest of the landscape.
So we've been very prepared for the GDPR implications from a business process standpoint [and] from an architecture standpoint. We announced a GDPR readiness package already a couple weeks ago to help customers along this journey by the May requirement.
We see GDPR as a broader tailwind in our overall compliance and security efforts, we see it as another sort of genesis for why customers are going to choose to move to the cloud and into modern systems for managing their content and their collaboration.
Meanwhile Adobe CEO Shantanu Narayen has been keen to reassure customers that while concerns about data privacy are on the rise, they shouldn’t act as an inhibitor to cloud adoption:
I think as people are collecting data, the emphasis and importance of data and privacy continue to be front and center. But I don't think it changes the fundamental trajectory associated with people wanting to have all of this in the cloud. We just have to make sure that we use it as a tailwind against the competition and step up, like we have done when we collect customer data to enable our customers to do that as well. So we'll be ready for GDPR when it comes, but it's not going to change this fundamental move where things are going to move in the cloud and digital is going to be the way in which enterprises transact with consumers.
In the wake of Cambridge Analytica et al, Zuckerberg’s comments on GDPR aren’t exactly the most sensible thing to say right now. Other tech firms are taking a much more pro-active lead here. It’s up to U.S. consumers to pile on the pressure to get the same rights as their EU counterparts.