Facebook, GDPR and the Right to Privacy: Three’s a Crowd?

Back in 2016 the European Union voted to pass the mother of all security laws, aimed at further extending the rights of its citizens to control how their data is used. The General Data Protection Regulation (GDPR) guards users against having their information shared without their explicit consent, and gives them the right to revoke that consent at any point.

GDPR violations can see companies fined up to $20 million or 4% of their annual turnover, and even US-based companies are sweating bullets as they scramble for compliance; well, some of them anyway.

Hot off the Congress roast, Mark Zuckerberg is of the mind that the world’s largest procrastination tool shouldn’t be extending the iron-curtain-level privacy rules the EU is pushing out on May 25 to its users outside the EU. This, despite 50 million Facebook users’ profiles falling victim to the Cambridge Analytica data breach not so long ago.

Instead, Zuckerberg told Reuters that the largest social media platform in the world is committed ‘in spirit’ to extending GDPR-like privacy standards to the rest of its 2.2 billion-odd users worldwide.

The Cambridge Analytica mess has placed Facebook firmly in the gaze of EU lawmakers, and that’s a sticky place to be when information is your business, even if you claim that you’re just a social media tool. A report by the Guardian and the Danish Broadcasting Corporation earlier this week claimed that Facebook enabled advertisers to target users based on ‘interests related to political beliefs, sexuality and religion’; even without the GDPR, this is classified as sensitive information under EU data laws.

According to TechCrunch, the social media giant can expect a swathe of legal challenges based on its current attitudes around privacy.

Following the last data breach, Facebook added extra layers of privacy protection across the board, leading Zuckerberg to believe that there are enough checks and balances to keep users safe without applying GDPR measures outside of the EU.

For the rest of us, however, the GDPR deadline isn’t just a suggestion. Thankfully, we’ve been doing our homework for some time now, so if you’re not quite ready, or not sure if you are, we’re here to get you across the finish line.

*** This is a Security Bloggers Network syndicated blog from Blog | Imperva authored by Gerhard Jacobs. Read the original post at: