clock menu more-arrow no yes mobile

Filed under:

What you need to know about Facebook’s new privacy settings

Facebook is starting to roll out new data privacy settings thanks to a law out of Europe.

Facebook chairman and CEO testifying before Congress about Facebook’s data privacy practices in April 2018.
Facebook chair and CEO Mark Zuckerberg testifies before Congress about Facebook’s data privacy practices in April 2018.
Chip Somodevilla/Getty Images
Emily Stewart covers business and economics for Vox and writes the newsletter The Big Squeeze, examining the ways ordinary people are being squeezed under capitalism. Before joining Vox, she worked for TheStreet.

If your Facebook page starts to look different or the platform starts asking you whether you’re okay with having your data shared in the coming weeks or months, you’ll have Europe to thank for it: The company has begun to roll out Facebook privacy changes to comply with a new data protection measure in the European Union.

Late on Tuesday, Facebook announced the first steps it is taking to comply with the General Data Protection Regulation, or GDPR, a new privacy law out of Europe designed to make sure users know and understand the data companies collect about them and consent to sharing it. Set to be enacted on May 25, the GDPR is the most sweeping overhaul of online privacy in more than two decades.

Starting this week, Facebook is introducing what it called new “privacy experiences,” said Facebook chief privacy officer Erin Egan and deputy general counsel Ashlie Beringer in a post laying out the changes.

The announcement seeks to cast the changes as something Facebook wanted to do — which, given the company’s past bad behavior in protecting user data and Mark Zuckerberg’s history of privacy violations and apologies — it probably did not.

European users will start to see changes this week; they’ll be prompted to agree to certain elements of Facebook and asked to give the terms of service a second look. Facebook users in the US and the rest of the world are expected to get the same treatment “on a slightly later schedule.”

Here’s what Facebook says is changing, starting with Europe:

  • Facebook will prompt users to say whether they want to see targeted ads based on the political, religious, and relationship information they’ve shared on their profiles or data collected by Facebook’s partners. They’ll also make it easier for people to delete information they don’t want shared.
An example of Facebook’s new privacy settings on face recognition technology.
An example of Facebook’s new privacy settings prompting users on data sharing for targeted ads.
  • Users in the European Union and Canada will be asked whether they want to turn off Facebook’s face recognition feature it uses to, for example, suggest tagging you in pictures posted by others. (Face recognition technology is already optional for anyone on Facebook.)
  • Facebook will prompt users to agree to its terms of service and data policy, which was updated earlier this month.
  • People under the age of 18 will have some special features, including requiring parent or guardian permission for those between the ages of 13 and 15 to see targeted ads in some European countries, and restricted sharing and less personalized ads. Later this year, Facebook will introduce a new “global online resource center” for teens.

Facebook said new settings and privacy shortcut features it unveiled last week were built with GDPR in mind and will start appearing this week. They essentially make Facebook’s privacy tools easier to find, including those that let you locate, download, and delete your Facebook data. (Vox’s Jen Kirby has an explanation of how to do that, and what you’ll discover Facebook has been tracking about you is pretty wild.)

New Facebook settings asking about face recognition technology.
An example of Facebook’s new privacy settings on face recognition technology.

Facebook’s GDPR adjustments are a first step in a long road ahead toward fixing its data privacy problems

The Cambridge Analytica scandal, which left the data of an estimated 87 million people exposed, has kicked off a global debate about Facebook’s privacy practices and just how much it knows — and shares — about its users.

Before news of the scandal broke, Europe, which has traditionally been tougher on big tech, had the GDPR ready to go. But in the United States, lawmakers and regulators have been caught flat-footed. There are a handful of ideas out there for cracking down on Facebook in the US, including the proposed Honest Ads Act on political ad disclosures online and potential action from the Federal Trade Commission, but most of them are in nascent stages at best.

Zuckerberg, Facebook’s CEO and chair, testified for several hours before Senate and House committees last week, and the results were less than satisfying. Many lawmakers, specifically in the Senate, seemed confused about what Facebook does and what its problems even are. Much of the time, Zuckerberg pivoted to easier answers or said his team would follow up.

“Right now Congress can’t even decide on lunch, so I don’t expect them to do anything meaningful,” Kara Swisher, a veteran tech journalist and executive editor of Recode, recently told Vox’s Sean Illing.

Zuckerberg has said many of the GDPR-required changes will be applied globally, though he has largely stopped short of specifics. As European users start to see changes this week, the rest of us will have to wait and see.