Facebook Dating Launch Blocked In Europe After It Fails To Show Privacy Workings (techcrunch.com) 16
An anonymous reader quotes a report from TechCrunch: Facebook has been left red-faced after being forced to call off the launch date of its dating service in Europe because it failed to give its lead EU data regulator enough advanced warning -- including failing to demonstrate it had performed a legally required assessment of privacy risks. Yesterday, Ireland's Independent.ie newspaper reported that the Irish Data Protection Commission (DPC) -- using inspection and document seizure powers set out in Section 130 of the country's Data Protection Act -- had sent agents to Facebook's Dublin office seeking documentation that Facebook had failed to provide.
In a statement on its website, the DPC said Facebook first contacted it about the rollout of the dating feature in the EU on February 3. "We were very concerned that this was the first that we'd heard from Facebook Ireland about this new feature, considering that it was their intention to roll it out tomorrow, February 13," the regulator writes. "Our concerns were further compounded by the fact that no information/documentation was provided to us on February 3 in relation to the Data Protection Impact Assessment [DPIA] or the decision-making processes that were undertaken by Facebook Ireland." At the time of its U.S. launch, Facebook said dating would arrive in Europe by early 2020. It just didn't think to keep its lead EU privacy regulator in the loop, despite the DPC having multiple (ongoing) investigations into other Facebook-owned products at this stage. A Facebook spokesperson said in a statement: "It's really important that we get the launch of Facebook Dating right so we are taking a bit more time to make sure the product is ready for the European market. We worked carefully to create strong privacy safeguards, and complete the data processing impact assessment ahead of the proposed launch in Europe, which we shared with the IDPC when it was requested."
In a second statement, the Facebook spokesperson added: "We're under no legal obligation to notify the IDPC of product launches. However, as a courtesy to the Office of the Data Protection Commission, who is our lead regulator for data protection in Europe, we proactively informed them of this proposed launch two weeks in advance. We had completed the data processing impact assessment well in advance of the European launch, which we shared with the IDPC when they asked for it."
In a statement on its website, the DPC said Facebook first contacted it about the rollout of the dating feature in the EU on February 3. "We were very concerned that this was the first that we'd heard from Facebook Ireland about this new feature, considering that it was their intention to roll it out tomorrow, February 13," the regulator writes. "Our concerns were further compounded by the fact that no information/documentation was provided to us on February 3 in relation to the Data Protection Impact Assessment [DPIA] or the decision-making processes that were undertaken by Facebook Ireland." At the time of its U.S. launch, Facebook said dating would arrive in Europe by early 2020. It just didn't think to keep its lead EU privacy regulator in the loop, despite the DPC having multiple (ongoing) investigations into other Facebook-owned products at this stage. A Facebook spokesperson said in a statement: "It's really important that we get the launch of Facebook Dating right so we are taking a bit more time to make sure the product is ready for the European market. We worked carefully to create strong privacy safeguards, and complete the data processing impact assessment ahead of the proposed launch in Europe, which we shared with the IDPC when it was requested."
In a second statement, the Facebook spokesperson added: "We're under no legal obligation to notify the IDPC of product launches. However, as a courtesy to the Office of the Data Protection Commission, who is our lead regulator for data protection in Europe, we proactively informed them of this proposed launch two weeks in advance. We had completed the data processing impact assessment well in advance of the European launch, which we shared with the IDPC when they asked for it."
Again? (Score:2)
It was already blocked yesterday.
" Facebook Dating Launch Blocked in Europe After it Fails To Show Privacy Workings (techcrunch.com) 29
Posted by msmash on Thursday February 13, 2020 @02:01PM "
Re:Again? (Score:4, Funny)
The first one was from the "how-about-that" department.
This one is from the "hold-your-horses" department.
Completely different.
DupeDot (Score:2)
https://tech.slashdot.org/stor... [slashdot.org]
Slashdot banned in Europe (Score:2)
Riddled with bullshit (Score:4, Informative)
The facebook statements are actually riddled with b.s. and misinformation or misunderstanding. I'm inclined to suspect the former because GDPR is not rocket science [gdpr-info.eu] it is actually regarded as basic competence of IT professionals here. You register the type of data being used, you provide the commissioner with the contact details of the data controller and have processes in place to ensure the law is obeyed.
it failed to give its lead EU data regulator enough advanced warning is an attempt to paint the Information Commissioner as somehow slow or inefficient, when they in fact conducted the inspected inside 24 hours.
"We're under no legal obligation to notify the IDPC of product launches. However, as a courtesy to the Office of the Data Protection Commission, who is our lead regulator for data protection in Europe, we proactively informed them of this proposed launch two weeks in advance. We had completed the data processing impact assessment well in advance of the European launch, which we shared with the IDPC when they asked for it."
While the first sentence is strictly true it is misdirection to the point of being disingenuous. The Data commissioner has no interest in your product it is very concerned with the personal private data captured, stored, processed and share. This must all be done with process transparency and the safeguards.
Registration is not a courtesy it is the law, it is compulsory. FB were not proactive, they were reactive to the inspection, only providing the necessary documentation after they had already failed the inspection.
Re: (Score:3, Insightful)
Re: (Score:3)
For Facebook to sell advertising space, it must have office in each country and that becomes the target. Can they screw over Facebook, in a heart beat, target their ad revenue and their ability to sell ads. Then issue warrants for senior executives, and if they ever touch down in the EU, arrest them. They can also apply for extradition as appropriate, with regards to criminal actions they carried out in the EU. There are whole range of enforcement powers, the least of which is blocking Facebook for access t
whoosh parrot much? (Score:3)
The enforcement was against their Irish subsidiary, not an American company. If they operate in the EU they are subject to our laws.
I'm shocked! Shocked, I say. (Score:1)
Facebook wants to know who you're fucking: How much privacy does that allow?
What exactly is legal? (Score:2)
It is not required that Facebook shares this proactively with the authorities, see the relevant dataprotection.ie website [dataprotection.ie]:
Should the Data Protection Commissioner be consulted on completion of the DPIA?
If, during th
Facebook is a prime target ... (Score:2)
Facebook is a prime target for privacy activist here in Europe. I'd say for a good reason, but that's beside the point.
For this reason, Facebook can be sure that on day one of their dating service, there will be inquiries whether all regulations have been properly observed. So for Facebook and the Irish DPC, investigating the compliance before the launch or after the first complaint is only a difference of a few days. And for Facebook it'll definitely less embarrassing if they have it checked beforehand.