Facebook is launching new privacy controls following the Cambridge Analytica scandal.
The new features, in compliance with the European Union’s General Data Protection Regulation (GDPR) that will come into effect on May 25, should give Facebook users more control over how they share their data on the platform. Every user regardless of their location will be asked to review their privacy options and accept or manage the new settings.
For instance, you may be asked to confirm that you’d like to continue sharing your political views, religious beliefs and relationship information on your public profile that malicious actors could harvest for political marketing and social engineering.
EA law sets special rules and protections around the processing of so-called “Special Categories of Personal Data,” such as your religious views, political views and whether you’re interested in men or women.
If you decide to keep this information on your profile, Facebook will share it with the people you specifically choose and use it to personalize the service. You’ll also be able to manage this via a new screen or edit this information directly from your profile.
Per GDPR, EU users will see contact details for Facebook’s Data Protection Officer.
EU users will see the new permission screens this week
Face recognition, which the social network uses for tagging and other purposes, shall return to the European and Canadian markets as an opt-in following a ruling seven years ago that the company collected biometric data without proper user consent.
Facial recognition features are used to suggest relevant people tags when you upload new photos, to detect if others might be attempting to use your image as their profile picture and so forth. Face recognition is kept off for anyone under age 18.
Deleting profile information should be easier than before, Facebook said in a blog post.
Additionally, users will be asked to confirm whether they’d like to allow Facebook to use data from apps and websites that use the Like buttons to display relevant ads.
In compliance with GDPR, the social network will ask every teen if they want to see ads based on data from apps and websites, and whether they want to include personal information in their profiles—even where the law doesn’t require this. Moreover, Facebook is limiting further who can see or search specific information teens have shared, like hometown or birthday.
Teens between 13 and 15 in some EU countries will need permission from their parent or guardian to turn on ad targeting or to add information such as “interested in” to their profiles.
Like before, you can opt out of these types of ads entirely.
“Facebook is an advertising-supported service,” said Facebook’s deputy chief privacy officer Rob Sherman at a press briefing Wednesday. “All ads on Facebook are targeted to some extent and that’s true for offline advertising, as well,” he added.
For those wondering, Facebook data collection continues even when you’re not using the service because Facebook tracks your web activity via the Like or Share buttons, the Facebook login system used on many websites, conversion Pixel or Audience Network ads and more.
“When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account,” the company acknowledged. “This is because other apps and sites don’t know who is using Facebook.”
These new privacy controls will begin rolling out to European users first, ahead of the GDPR which is set to come into effect in May, and will expand to all users globally afterward.
“We’ve also updated our Activity Log on mobile to make it easier for people to see the information they’ve shared with Facebook from their mobile device,” they said.
As for the overhauled, GDPR-compliant Settings and Privacy shortcuts that we previewed last month, these will also begin popping up this week.
Be sure to peruse TechCrunch’s informative flaw-by-flaw guide to Facebook’s latest GDPR changes for an excruciatingly detailed breakdown of the pros and cons concerning these upcoming privacy controls.