Facebook Audience Targeting Methods Facing GDPR Investigation

Facebook is due to come under the scrutiny of the European Union’s General Data Protection Regulation (GDPR) once after a complaint was submitted by the UK Information Commissioner Office (ICO) to the Irish Data Protection Commission (DPC) that refers to the social media giant’s user targeting tactics.

Recently Facebook been criticised after a number of news reporters showed how simple it is to post fake advertisements that look like they are sponsored/funded by real politicians. Other reports cluded targeting people with extremely conservative views and opinions.

The Irish Data Protection Commission is the relevant body to examine the complaint as the Facebook European headquarters is located in Dublin. A spokesperson for the DPC, Graham Doyle said: “Once this referral has been received by the DPC, we will assess the information and decide then what steps are required.”

In a 113-page report sent to the British Parliament today ICO say that: “We are in the process of referring other outstanding issues about Facebook’s targeting functions and techniques used to monitor individuals’ browsing habits, interactions and behaviour across the internet and different devices to the Irish Data Protection Commission.”

At meeting earlier today Head of ICO Elizabeth Denham told the UK Parliament’s Digital, Culture, Media and Sport Committee: “Facebook needs to change, significantly change, their business model and their practices to maintain trust. We have uncovered a disturbing disregard for voters´ personal privacy. Social media platforms, political parties, data brokers and credit reference agencies have started to question their own processes – sending ripples through the big data eco-system.”

Before the introduction of GDPR on May 25 this year ICO sanctioned Facebook with a £500,000 fine just last month in relation to its dealings with the well publicised Cambridge Analytica scandal. When it happened this was the maximum penalty allowed under the British Data Protection Act 1998. In the new GDPR regime this amount could be much higher as the maximum penalty is €20m or 4% of annual global revenue, whichever figure is larger. Using the 2017 financial statistics for Facebook this would have been around £17m as Facebook had total revenue of €35.41 billion/£30.9bn.

Responding to the news a Facebook spokesperson defended its approach to audience targeting  stating: “We regularly engage with regulators regarding our advertising tools, which we believe fully comply with EU data protection laws”. Separately, commenting to the Guardian newspaper Facebook revealed that: “We have learnt that some people may try to game the disclaimer system by entering inaccurate details and have been working to improve our review process to detect and prevent this kind of abuse.”

This is just the most recent investigation that Facebook has had to face up to since the introduction of GDPR. In September it was a report showed that up to 50m users of the social network may have had their privacy breached in a hacking attack when an individual exploited vulnerability to gain access to databases.