Is GDPR the end of Facebook’s reign over personal data?

With news that Facebook’s facial recognition software will be made available to UK users, Dean Armstrong QC, expert in Cyber Law was invited onto BBC Business Live to discuss the ramifications for the company of new regulation coming next month.

Facebook has come under fire recently for the way its users’ data has been accessed and used by third parties. Under new EU regulation GDPR (General Data Protection Regulations), coming into force from 25 May such third-parties based in the EU, and dealing with data from EU citizens will come under much harsher scrutiny. As a result, US-based Facebook must become much more aware of how user data is being mined and used by apps, advertisers and others who provide its profit.

Consent musn’t be coerced

In relation to the new facial recognition software, Dean explained that UK users will have to provide effective consent, opting-in to the service explicitly. This opt-in must not be as part of a wider set of services, i.e. Facebook won’t be able to demand users opt-in to the software to access other benefits – under GDPR consent must be distinctive.

Dean also discussed how children will be the focus of greater protection under GDPR. Those under the age of 13 are already unable to sign up to Facebook but the new regulation will see users aged 13 – 16 require explicit consent from their parents to create an account.

This is due to the fact that under GDPR, no one under the age of 16 can give consent for their personal data to be accessed and used in such a way.

GDPR will demand Facebook considers a radical new approach to how it communicates with its users and how it regulates its relationships between third parties and users. It will also require the company to ensure its users provide clear and explicit consent, across its services. While GDPR is a positive step for the securing of personal data, it’s unlikely that Facebook will fall under this new regime if it takes these radical steps. 

Learn more about Dean’s expertise and read his guide to GDPR on V3.co.uk