The Washington PostDemocracy Dies in Darkness

Facebook braces for new E.U. privacy law

Sheryl Sandberg, Facebook's chief operating officer, addresses the Facebook Gather conference in Brussels on Jan. 23. (Reuters/Yves Herman)

Facebook announced a new push over the weekend to better explain its efforts to protect user data by sharing its privacy principles for the first time ahead of the European Union's new data protection law that will take effect in May.

The privacy principles, separate from the company's terms and policies, include a commitment to protect user privacy at the outset of product design and help people understand how their data is used.

The push will also include educational videos that clarify how people can take greater control over their data on the social network. “You have many ways to control your data on Facebook,” wrote Erin Egan, Facebook's chief privacy officer, in a blog post Sunday. “This includes tools to make sure you share only what you want with the people you want to see it.”

Facebook's new messaging app deepens debate over kids' social media use

The changes are a result of the E.U.'s General Data Protection Regulation, or GDPR. Back in 2015, the European Commission created the rules to give European citizens more control over the data collected about them by major tech companies such as Facebook, Google and Amazon.

According to the provisions, tech companies have to inform regulators within three days after discovery of a data breach. The rules also grant citizens the right to request that certain data about them be removed from the Web. Minors under the age of 16 who want to use digital services must first receive parental consent under the new rules. And national regulators will be able to issue fines if companies collect personal data without consent or misuse personal data.

Big Brother on wheels: Why your car company may know more about you than your spouse.

For Facebook and other Silicon Valley giants, complying with the GDPR may pose greater costs and require additional resources as their business models rely on the collection and sale of consumer habits online. The rules are significant because they are some of the most robust since the dawn of the Internet exceeding consumer protection in the United States. As massive tech companies such as Facebook, Google and Twitter rely on troves of consumer data to rapidly expand their operations and gain a larger influence in global society, the rules establish the importance of data privacy as a fundamental right. The GDPR will apply to all 28 E.U. member states.

Egan said that Facebook will start providing videos to teach users how to review and delete old posts and control the information the social networking platform uses to display ads, and to explain what happens when users choose to delete their accounts. The videos will appear in the news feed, she said.

U.S. military revising its rules after fitness trackers exposed sensitive data

Facebook's announcement comes a week after chief operating officer Sheryl Sandberg said the company will make its privacy settings easier to find. The company said it will launch a new privacy center this year for its 2 billion users, allowing them to change their core privacy settings in a single place on their Facebook accounts.

The initiative is an example of how tech industry efforts to comply with the GDPR will spill over to users in the United States. “Our apps have long been focused on giving people transparency and control, and this gives us a very good foundation to meet all the requirements of the GDPR and to spur us on to continue investing in products and in educational tools to protect privacy,” Sandberg said at an event in Brussels last week.

The GDPR rules apply both to European companies and to U.S. companies that collect the data of European residents.

Facebook and Google are doomed, George Soros says

“The release of these privacy principles was to essentially get ahead of the GDPR,” said Frances Zelazny, vice president of BioCatch, a security company that uses behavioral biometrics. “Facebook knows that if they are not prepared, they could get into trouble down the road.”

In Europe, Facebook has been the focus of several privacy investigations by government watchdogs in recent years. Closer to home, the company has come under heightened scrutiny over its handling of Russian disinformation campaigns that ran on the social media platform before and after the 2016 presidential election.

In a speech at the World Economic Forum in Davos, Switzerland, last week, billionaire philanthropist and leading donor to liberal causes George Soros described Facebook and Google as menacing, monopolistic companies. He urged stricter regulations on dominant technology companies and pointed to the enforcement actions of the E.U. as a model that U.S. regulators should emulate.