Facebook Lists its Privacy Principles as EU’s Data Laws Loom

Before the European Union’s General Data Protection Regulation (GDPR) goes into effect on May 25, Facebook plans to debut a new privacy center that will be a hub for all its privacy settings. The company also published its “privacy principles” for the first time, with details of how it handles user information. Chief operating officer Sheryl Sandberg says the result will be a “good foundation” for meeting GDPR’s requirements. The GDPR limits how technology companies collect, store and utilize users’ personal information.

The Verge reports that Sandberg added, the privacy center will also “spur us on to continue investing in products and in educational tools to protect privacy.” There’s a major financial incentive to meet the GDPR’s requirements. Companies that break its regulations are “subject to fines of up to 4 percent of their global annual revenue or €20 million ($24.8 million), whichever is the higher amount.”


GDPR, which will enforce its rules across the EU’s 28 members, requires companies to report data breaches within 72 hours, and to allow users to export and delete their data. It also promotes the existing “right to be forgotten” provision that allows people to ask online companies to remove specific data about them.

Facebook’s new privacy center will “unite key privacy settings rather than spreading them across multiple pages.” A current limited feature, Privacy Check-Up, lets the user control privacy of future posts, her profile’s About Me section and app preferences. To educate users, “Facebook has also begun running short education videos in users’ News Feeds that teach users how to delete old posts, explain what happens to user information when an account is deleted, and show how to manage data used for Facebook ads.”

“We recognize that people use Facebook to connect, but not everyone wants to share everything with everyone — including with us,” said Facebook chief privacy officer Erin Egan in a blog post. Facebook, which said it is “developing resources that help other organizations build privacy into their services,” enumerated those privacy principles, for the first time.

Among those principles is that the user controls his privacy, by knowing where privacy controls are and how to adjust them. Facebook says it will “help people understand how their data is used,” with such tools as ad controls in the top right corner of every ad. It says that privacy is designed into its products “from the outset,” with “guidance from experts in areas like data protection and privacy law, security, interface design, engineering, product management, and public policy.”

Facebook also says it works “around the clock to help protect people’s accounts,” and that its “security systems run millions of times per second to help catch threats automatically and remove them before they ever reach you.” The user can also employ two-factor authentication for even more security. Users own their information on Facebook and can “decide what you share and who you share it with on Facebook” as well as delete anything they have posted. A user can also delete her account at any time.