By Erin Egan, Facebook VP and Chief Privacy Officer, Policy and Ashlie Beringer, VP and Deputy General Counsel
In recent weeks we’ve announced several steps to give people more control over their privacy and explain how we use data.
We’re introducing new privacy experiences for everyone on Facebook as part of the EU’s General Data Protection Regulation (GDPR), including updates to our terms and data policy. Everyone – no matter where they live – will be asked to review important information about how Facebook uses data and make choices about their privacy on Facebook. We’ll begin by rolling these choices out in Europe this week.
Asking People to Review How We Use Data
As soon as GDPR was finalized, we realized it was an opportunity to invest even more heavily in privacy.
We not only want to comply with the law, but also go beyond our obligations to build new and improved privacy experiences for everyone on Facebook. We’ve brought together hundreds of employees across product, engineering, legal, policy, design and research teams. We’ve also sought input from people outside Facebook with different perspectives on privacy, including people who use our services, regulators and government officials, privacy experts, and designers.
We’ll ask everyone on Facebook to make choices about:
Ads based on data from partners. Ads on Facebook are more relevant when we use data from partners, like websites and apps that use business tools such as our Like button. We’ll ask people to review information about this type of advertising, and to choose whether or not they want us to use data from partners to show them ads.
Information in their profile. If you’ve chosen to share political, religious, and relationship information on your profile, we’ll ask you to choose whether to continue sharing and letting us use this information. As always, including this information on your profile is completely optional. We’re making it easier for people to delete it if they no longer want to share it.
Allowing face recognition technology. Our face recognition features help protect your privacy and improve your experiences, like detecting when others might be attempting to use your image as their profile picture and allowing us to suggest friends you may want to tag in photos or videos. We’ve offered products using face recognition in most of the world for more than six years. As part of this update, we’re now giving people in the EU and Canada the choice to turn on face recognition. Using face recognition is entirely optional for anyone on Facebook.
We will also ask people to agree to our updated terms of service and data policy, which include more detail in response to questions about how our services work. We’re not asking for new rights to collect, use or share your data on Facebook, and we continue to commit that we do not sell information about you to advertisers or other partners. While the substance of our data policy is the same globally, people in the EU will see specific details relevant only to people who live there, like how to contact our Data Protection Officer under GDPR. We want to be clear that there is nothing different about the controls and protections we offer around the world.
People in the EU will start seeing these requests this week to ensure they have made their choices ahead of GDPR coming into effect on May 25. As part of our phased approach, people in the rest of the world will be asked to make their choices on a slightly later schedule, and we’ll present the information in the ways that make the most sense for other regions.
Introducing Better Tools to Access, Delete and Download Information
The new Settings and Privacy Shortcuts features we announced last month were built with GDPR in mind, and people will start seeing them this week. Our recently-expanded tools for accessing your information will allow people to see their data, delete it, and easily download and export it. These tools are available globally, although we designed them to comply with GDPR too. We’ve also updated our Activity Log on mobile to make it easier for people to see the information they’ve shared with Facebook from their mobile device.
Providing Special Features for Young People
GDPR recognizes the importance of providing special protections and experiences for teens. We’ve built many special protections into Facebook for all teens, regardless of location. For example, advertising categories for teens are more limited, and their default audience options for posts do not include “public.” We also keep face recognition off for anyone under age 18 and limit who can see or search specific information teens have shared, like hometown or birthday. Later this year we’ll introduce a new global online resource center specifically for teens, and more education about their most common privacy questions.
Under GDPR, people between the ages of 13 and 15 in some EU countries need permission from a parent or guardian to allow some features on Facebook — seeing ads based on data from partners and including religious and political views or “interested in” on your profile. These teens will see a less personalized version of Facebook with restricted sharing and less relevant ads until they get permission from a parent or guardian to use all aspects of Facebook. Even where the law doesn’t require this, we’ll ask every teen if they want to see ads based on data from partners and whether they want to include personal information in their profiles.
Beyond today’s announcements, we’ll keep improving. We’re committed to making sure people understand how we use their information and how they can control it.