Will Facebook Protect Your Data?

As you’ve probably already heard, Facebook has officially been fined $5 billion by the Federal Trade Commission (FTC) and obliged to submit to an improved privacy protection program. However, digital privacy and cybersecurity experts, including myself, say that the new requirements aren’t changing Facebook’s business model.

The record fine was imposed for violating a 2012 FTC order that resulted in "deceiving users about their ability to control the privacy of their personal information." This also led to Facebook mishandling 87 million users' data, which was later targeted by Cambridge Analytica in the 2016 US Presidential election.

In addition to the penalty, the social media giant will submit to an improved privacy protection program. While the new restrictions are welcome, unfortunately, most of them address hypothetical future Facebook features, rather than the privacy abuses that got them into trouble in the first place.

The new requirements aren’t changing Facebook’s business model—it will still massively collect users’ personal information to sell it to advertisers.

Facebook is free to do what it wants with its users’ data. Although the company is ordered to conduct a privacy report of every new product, service, or practice before it’s released, many risks or other loopholes might be overlooked. The FTC’s requirements aren’t specific enough, so the company may easily continue to violate its users’ privacy.

Facebook users cannot control how their data is used and stored, but they can reduce their data footprint. I recommend avoiding third-party Facebook apps like quizzes and games. You should also consider turning off the face recognition function and your location history and deleting your ad preferences.

Moreover, at NordVPN we always suggest reducing your Facebook activity level. The less time you spend on the platform, the less it knows about you.

Here’s a list of the FTC’s requirements Facebook will have to follow to boost its security:

• Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data;
• Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;
• Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;
• Facebook must establish, implement, and maintain a comprehensive data security program;
• Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext;
• Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.