New, Strict EU Laws Force Facebook To Redefine And Publicize Its Privacy Principles

In a blog post published earlier today, Erin Egan, Chief Privacy Officer at Facebook, announced the social media giant would be publishing its privacy principles for the first time ever. Apart from that, Facebook will release educational videos to help users better understand how to control who has access to their information. In Egan’s words, this will be an “education campaign,” meant to help users understand how their data is used.

Facebook’s privacy principles are not to be confused with the user terms and conditions that are agreed upon when someone opens an account, and have never been available to the public.

This newfound transparency is a major shift for Facebook and the first time since the company’s birth that it is providing valuable, privacy-related insight for its users. Erin Egan laid out Facebook’s Privacy Principles in seven bullet points, describing what each of them means.

Facebook users will now have multiple “privacy choices,” and the social network will provide educational content in an effort to educate users about where their privacy controls are, and how to use them.

“You own the information you share on Facebook,” Egan wrote. “This means you decide what you share and who you share it with on Facebook, and you can change your mind. That’s why we give you tools for deleting anything you’ve posted. We remove it from your timeline and from our servers. You can also delete your account whenever you want.”

The Chief Privacy Officer then added that Facebook is now cooperating with privacy professionals and regulators. “We recognize that people use Facebook to connect, but not everyone wants to share everything with everyone. It’s important that you have choices when it comes to how your data is used,” Egan added.

This sudden shift in transparency did not come out of nowhere. The European Union’s General Data Protection Regulation (GDPR) enters into force on May 25 2018, Reuters reported, describing the GDPR as “the biggest overhaul of personal data privacy rules since the birth of the internet.”

Once GDPR goes into full effect, internet companies will be obligated to allow users to export and delete their data. The General Data Protection Regulation will drastically increase fines. Companies found to be in breach of this law will be forced to pay fines as high as 4 percent of global annual turnover.

The EU General Data Protection Regulation is the most important data privacy regulation in decades, so the European Union has an entire website dedicated to it, meant to educate companies and users alike.

Key changes the GDPR will bring are listed and explained on the website, with “Right to be Forgotten” being one of them; also known as “Data Erasure,” this will allow the data subject to have the data controller permanently erase their personal data.

In case of a data breach, data controllers will be required to notify their customers “without undue delay.” Perhaps most importantly, under the GDPR, the conditions for consent will be significantly strengthened.

Companies will be required to give requests for consent in “an intelligible and easily accessible form,” using clean and plain language instead of legalese.