Can EU’s new data regulation put an end to social media defiance?


With two months ticked off the calendar, 2018 has been a whirlwind for social media. Facebook oversaw various changes to their algorithm and an overhaul in their employee operations as a result of the upcoming application of EU data regulation. The release of their privacy principles last month has been a prime testament of that change.

But their docility was countered with EU Commission’s claims last week that the company, along with Twitter and Google, is not in line with several aspects of EU consumer law. Their negotiations highlight the inherent conflict of interests between the institution and the social media empire and begs the question of how interaction with social media will transform over the next year.

With less than three months to go before the general data protection regulation (GDPR), companies are rushing to comply on the eve of the biggest reform to EU data laws since the birth of the internet.

Social media companies have overseen the biggest changes. Twitter will see a new set of guidelines issued in March as a result of months of negotiations between the company and EU regulators, and Facebook’s privacy principles have been the focal point of change in their operations.

The company’s chief operating officer Sheryl Sandberg said they will also be introducing multiple user security features and online tutorials on how to ensure the safety of personal data.

Chief privacy officer at Facebook Erin Egan posted to Facebook’s blog in January, saying “we recognise that people use Facebook to connect, but not everyone wants to share everything with everyone – including with us.

“It’s important that you have choices when it comes to how your data is used.”

But Facebook’s track record stands against them and the move seems suspiciously philanthropic for an entity that never seemed to hold user privacy to high regard.

In 2015 Facebook came under fire from regulatory authorities in the UK and Germany after its subsidiary WhatsApp changed the terms and conditions to facilitate the sharing of user-related information with its parent company for ad targeting purposes.

The platform’s friend-suggesting algorithm was also a source of various controversy after it was accused of breaching privacy by tapping into users’ history trends for its People You May Know feature. Last year it was reported to reveal sex workers’ identities by suggesting their personal profiles to clients, and vice versa.

The moment that marked a real watershed in Facebook-EU relations was the Max Schrems case, in which the EU Court of Justice prohibited the transfer of user data to the company’s servers in the US –where it ruled it would be in violation of the EU Charter of Fundamental Rights.

Facilitating cross-border transfer of information is one of the core principles of the GDPR. When customer data is transported to any state outside the bloc, the Commission makes an adequacy decision to ensure the said state can provide a substantial level of protection of the held data.

Under the new regulation, public authorities and companies monitoring or processing data on a large scale must appoint Data Protection Officers to oversee the processing of data and facilitate any public requests to have information amended or erased, as well as notify users in the event of a potential data breach within a 72-hour time-frame.

In the half-decade of delicate negotiations, social media operators have smoothed out their differences with the EU and came to compliance with the bloc’s legislation (even if ever so slightly). However, their nonchalance towards EU consumer laws in the past year has caused an increasingly-impatient Commission to make its sentiments known.

The Commission flagged some of the companies’ terms and conditions last year, accusing some of the guidelines of making the operators immune to consumer legislation. 

It criticised the decree banning people from taking court proceedings against the companies in their home country and making the operators answerable only to California state law – where the companies’ headquarters sit.

The Commission also instructed Twitter to amend the terms giving them complete control over content removal and said it needs to introduce steps for users to appeal a decision by the company’s administrators if they believed their content was wrongfully erased.

EU Commissioner for consumers and justice Vera Jourová said: “It is unacceptable that this is still not complete and it is taking so much time. This confirms that we need a ‘New Deal for Customers’: EU consumer rules should be respected and if companies don’t comply, they should face sanctions.”

A spokesperson for Twitter told the Financial Times that the company are continuously working with the Commission to ensure “industry-leading levels of consumer protection.”

The company’s new guidelines are due to come into effect at the end of March; until then, the Commission will be closely screening Silicon Valley’s top brass.

A perfect plan has been laid for the months ahead but the stiff negotiations may prove that absolute compliancy is more a myth rather than a practical solution. The coming months will show whether government regulation can meet with commercial self-interest, or if this play is destined to go on.