In preparation for the biggest shake-up of data protection law in 20 years, Facebook has announced a new privacy centre.
Speaking at a Facebook event in Brussels, Chief Operating Officer Sheryl Sandberg said:
“We’re rolling out a new privacy centre globally that will put the core privacy settings for Facebook in one place and make it much easier for people to manage their data.”
The new tools come in response to the new European General Data Protection Regulation (GDPR) that becomes law on 25 May 2018.
Organisations that breach the new data protection standard could face penalties of up to €20m or 4% of global annual turnover (whichever is greater).
It is hardly surprising that the social media platform is taking its data protection responsibilities seriously. For Facebook, this equates to maximum possible fines in excess of $1bn, based on its 2016 revenue.
Transparency and Control
Sheryl Sandberg said: “Our apps have long been focused on giving people transparency and control and this gives us a very good foundation to meet all the requirements of the GDPR and to spur us on to continue investing in products and in educational tools to protect privacy.”
Facebook already provides an activity log that lets you review and manage what you share.
It provides a list of your posts and activity, from today back to when you first joined Facebook. This includes all the stories and photos you’ve been tagged in, as well as every time you’ve liked a Page or added someone as a friend.
Access to personal data
Under GDPR, you have the right to request access to personal data organisations hold about you.
And, if you own or operate a business that holds personal data, you need to be aware that individuals can request access to the data you hold too.
In addition to the personal data itself, individuals may also request:
- Information about the purposes for which their data is being processed;
- Categories of data processed;
- Who the data is shared with;
- Where data was sourced from; and
- How long data will be retained.
Individuals can also ask for information about automated decision-making and profiling.
Self Service Information
For organisations that hold and process data on a large number of individuals, it is worth investigating the potential of secure, self-service access to personal data.
In other words, if you expect to receive a large number of requests from individuals for access to their data, can you provide a web-based portal where they can view it themselves, minimising the effort you will have to take to process each request for access?
I suspect this is what Facebook hopes to achieve with its activity log and the new Facebook privacy centre.
After all, with over 343 million Facebook users in Europe, it would be impractical to manually process requests!
I guess the question is, how many requests for access to personal information could you handle in your business? And, do you have adequate procedures in place?