Sunday, 23 September 2018
Latest news
Main » Facebook Says Users Must Accept Targeted Ads Even Under New EU Law

Facebook Says Users Must Accept Targeted Ads Even Under New EU Law

18 April 2018

Individuals will have far greater rights about how businesses use their data.

The company will also allow European Union and Canadian citizens the option to use face recognition to better protect their privacy.

Most GDPR-relevant data is stored on premises.

Crowd Research Partners today released the 2018 GDPR COMPLIANCE REPORT revealing that the majority of surveyed organizations is likely to miss the May 25, 2018 compliance deadline for the European Union General Data Protection Regulation (GDPR). Companies face fines if they collect or use personal information without permission.

Earlier this month, USA senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced a privacy "bill of rights" to protect American consumers' personal data. In fact, just 38 per cent say that they're able to locate all of an individual's personal data quickly, and this could put brands in the firing line of the EU.

As early as last summer, Facebook was advertising for a data protection officer, which the company chose to carve out a space for in its European headquarters, according to IAPP. One of the reasons this is so important is because of the significant fines under the new regulation. In this indirect scenario, offshore entities should expect to be required to sign up to detailed contractual provisions essentially requiring compliance with the GDPR. Penalties for breach of some obligations under GDPR can reach Euro 20 million or 4% of global annual turnover, whichever is the higher, putting GDPR compliance at the very top of the list of concerns for firms in nearly every industry sector. While there are always challenges in how the interlocking laws of multiple jurisdictions apply to emerging technologies, particularly distributed and multi-participant technologies such as DLTs (whether public/permissionless or private/permissioned), the idea that we have entered some crypto-powered utopia where regulation can be ignored is simply untrue. Any data breach that impacts the rights of data subjects must be reported to the Information Commissioner's Office (ICO) within 72 hours maximum.

PII, as understood in the US, is typically confined to identifiers such as name, social security number, date and place of birth, and biometric, medical, educational, financial and employment records. That encompasses identifiers included within the USA definition of PII and additionally includes online identifiers such as email address, cookie ID, IP address, browsing habits, location data and so on.

Headlines about the GDPR make tough reading for organisations.

You must demonstrate an understanding of the type of personal data you hold, how it is collected, how it is being used and where it is going.

"Those measures should ensure an appropriate level of security, including confidentiality, taking into account the state of the art and the costs of implementation in relation to the risks and the nature of the personal data to be protected". But the way Facebook built everything makes it seem like the company would rather offer you ways out of dealing with privacy settings in the hope that you don't make any changes down the road. GDRP compliance lays the groundwork for improved data security. This must be evidenced by specific contractual paperwork that meets the content requirements of the GDPR.

Facebook Says Users Must Accept Targeted Ads Even Under New EU Law