The fallout from misuse of Facebook user data and Facebook’s failure to alert users about it could help strengthen the credibility and enforcement of the GDPR globally.
Businesses that thought they could tiptoe around the General Data Protection Regulation radar with a haphazard compliance strategy can think again, thanks to the expected fallout of the user data scandal.
While Facebook has issued multiple statements to its customers, the point remains: many businesses are still under the impression the GDPR won’t affect them, that it is another poor attempt at European bureaucratic lawmaking. But the GDPR has already led some U.S. vendors to pull back their business growth plans from Europe.
While Facebook is a unique case, with literally billions of users and their data to deal with, companies large and small face a similar danger: data leaks.
According to the Facebook GDPR site, they’re ready for the impending May 25th GDPR deadline. “Data protection is central to the Facebook Companies. We comply with current EU data protection law, and will comply with the GDPR. Our GDPR preparations are well underway, supported by the largest cross-functional team in Facebook’s history. We’re also expanding our Dublin-led data protection team which is leading on these efforts.”
While that claim about data protection in light of the GDPR may have been true before the recent scandal became known, the fact stands that Facebook, much like other corporations, was grossly underprepared for a mass data leak.
In a recent article, Facebook indicated how it plans to keep user data protected. “Over the years we’ve introduced more guardrails, including in 2014, when we began reviewing apps that request certain data before they could launch, and introducing more granular controls for people to decide what information to share with apps. These actions would prevent any app like Aleksandr Kogan’s from being able to access so much data today. Even with these changes, we’ve seen abuse of our platform and the misuse of people’s data, and we know we need to do more. We have a responsibility to everyone who uses Facebook to make sure their privacy is protected. That’s why we’re making changes to prevent abuse. We’re going to set a higher standard for how developers build on Facebook, what people should expect from them, and, most importantly, from us.”
There is a strong belief that regulators may get more power to enforce the GDPR more strictly. The Information Commissioner’s Office, which will regulate those who enforce GDPR-related fines in the U.K., can only seize documents from companies deemed to be in serious breach of the GDPR. In the wake of the Facebook fallout, some believe the ICO could engage in warrantless investigations of those deemed serious breach offenders.