On May 25, a set of regulations will go into effect across the European Union that will change how businesses handle the online data of their customers, giving users far more visibility into what companies know about them.
Facebook—one of the largest data collectors on the web—is currently in the middle of a massive scandal around the way that it’s handled the data of millions of its users. CEO Mark Zuckerberg has apologized publicly and has committed to making sure it’s more transparent in the way it shares users’ data. In the EU, the General Data Protection Regulation (GDPR) legislation is forcing the company’s hand. As it’s hinted recently, Facebook will be introducing a new set of privacy protections as a result of GDPR, and it outlined what’s changing in a blog post April 17. These updates will affect all users, regardless of whether they’re in Europe or not.
Here’s a quick run-down of what is changing:
Facebook will now ask users whether they want their personal data to be shared with advertisers so that ads on the platform will (theoretically) be more targeted to their interests. The social network will also ask users if it wants to keep sharing personal information that they’ve shared in the past on their profile—such as religious and political views, interests, and relationship statuses—and if they want to keep this information up there.
It’s also going to ask users in the EU and Canada if they want to keep allowing Facebook to scan their photos using its facial-recognition technology. Facebook says it uses the technology to protect its users’ privacy, and to make it easier to tag yourself and your friends in photos. But if the scanning feels too Big Brother for you, you’ll now easily be able to turn it off. (For what it’s worth, you already can turn it off, but the option is buried in the settings menu.)
Last month, the company unveiled new tools to make it easier for users to revoke the data permissions of any app that users have connected to Facebook, as well as download and delete all the information users have posted to Facebook over the years. These tools will now be rolling out more widely around the world.
GDPR stipulates specific privacy protections for younger users of the internet, and Facebook already has some protections in place. For example, facial recognition is turned off for anyone under 18, and advertisers can’t market to them in the same way they target adults. GDPR requires teens aged 13 to 15 to get permission from a parent or guardian to be targeted around their religious and political views, and their interests, for ads. Until parents allow access, these teens will not see targeted ads on Facebook. In areas outside of the EU, Facebook will ask teens if they want to share information with advertisers, but won’t require permission from an adult.
Users in the EU should see the requests to manage their data between now and when GDPR goes into effect next month. Facebook said that users in the rest of the world will likely see the changes “on a slightly later schedule,” and that the pop-ups might look a bit different for different regions. “We’ll present the information in the ways that make the most sense for other regions,” it said.