Facebook Facing GDPR Inquiry over Audience Targeting Ways

November 8, 2018


Facebook is confronting the anger of the European Union’s General Data Protection Regulation (GDPR) once again after a complaint made by the UK Information Commissioner Office (ICO) to the Irish Data Protection Commission (DPC) in relations to the social media titan’s user targeting methods.

Facebook has come in for heavy denunciation in recent weeks after a number of news reporters showed how easy it was to post bogus ads that appear to be funded/financed by real politicians. Other reports included targeting people with tremendously traditional opinions and views.

The Irish Data Protection Commission is the pertinent body to probe the complaint as the Facebook European head office is based in Dublin. Communications representative for the DPC Graham Doyle said: “As soon as this referral has been received by the DPC, we will evaluate the information and decide then what steps are needed.”

In a 113-page report submitted to the British Parliament ICO disclosed: “We are in the process of referring other unresolved problems concerning Facebook’s targeting functions and methods used to check individuals’ browsing habits, relations and behavior across the internet and different appliances to the Irish Data Protection Commission.”

Head of ICO Elizabeth Denham informed the UK Parliament’s Digital, Culture, Media and Sports Committee at the meeting: “Facebook requires to modify, substantially change, their business model and their practices to maintain confidence. We have disclosed a disturbing indifference for voters´ private secrecy. Social media platforms, political parties, data dealers and credit reference organizations have begun to question their own procedures – sending currents through the big data eco-system.”

Before the launch of GDPR on May 25 this year ICO approved Facebook with a £500,000 fine last month in relation to its relations with the well-publicized Cambridge Analytica scandal. At the time this was the maximum fine allowed under the British Data Protection Act 1998. In the new GDPR system, this figure might be much higher as the maximum fine is not €20m or 4% of yearly international income, whichever figure is higher. Using the 2017 financial figures for Facebook this would have been roughly £17m as Facebook had total income of €35.41 billion/£30.9bn.

Responding to the news a Facebook representative defended its tactic to audience targeting saying: “We frequently engage with watchdogs concerning our advertising tools, which we think completely abide by EU data protection rules”. Separately, remarking to the Guardian newspaper Facebook disclosed that: “We have learnt that some people might try to game the disclaimer system by entering wrong details and have been working to improve our review procedure to find and avoid this type of misuse.”

This is just the latest inquiry that Facebook has confronted since the introduction of GDPR. In September it was disclosed that up to 50m users of the social network might have had their privacy violated in a cyber attack when a hacker abused weakness to gain access to databases. This came after it was disclosed that user levels on the platform fell significantly after the May 25 GDPR launch date.