Facebook in Europe is about to get massively disrupted by new laws meant to bring it to heel
- Facebook might look extremely different for European users next month.
- That's because a new EU law means the company has to ask for your explicit permission to use your data, and explain how it uses your data for advertising.
- That means Facebook will explicitly ask if you are happy to continue giving information about your sexual orientation, political views, and even race.
- Facebook will have to be extremely in-your-face with its permissions, one legal expert told Business Insider.
Facebook, in theory, will look pretty different to its European users after May 25.
Specifically, the company will have to ask all of its users whether they are explicitly happy giving up data on their race, ethnic origin, political views, religion, and sexual orientation - and are happy to have that data used to inform targeted ads.
As a Facebook user, you might think you have already given that consent, having updated your sexual preferences back in 2010. But now Facebook has to ask you again whether you really do want that data on your profile. If it doesn't have your explicit consent, storing that data will be illegal, let alone using it for targeting ads.
That's thanks to the GDPR (General Data Protection Regulation), a new European law that experts say is clearly designed to bring Facebook, Google, and other web giants to heel.
We are not talking about small consent checkboxes either, according to Mark McCreary, chief privacy officer at legal firm Fox Rothschild and co-chair of its privacy and data security practice.
"The thing that will really change is that it's specific opt-in," he told Business Insider. "It's not just by using a button and saying 'I opt in.' It will need to be disruptive to the experience. And the concern right now is that consumers will say 'No, we don't want you using data for targeting ads at me.'"
We don't know what a "disruptive" Facebook opt-in experience might look like and, as regulation that's meant to apply very broadly, the GDPR doesn't go into this level of detail. A Facebook FAQ geared towards advertisers outlines when brands or Facebook itself must obtain consent from the users - but doesn't detail how.
The company will also have to allow users to easily "port" their data away from Facebook to a competing service. And it will have to explain who is processing users' information and why.
It isn't clear how the company is going about meeting any of these requirements, though it did tell the Financial Times that meeting the standards would cost several million dollars.
"I haven't heard any solutions from Facebook to get ahead of the problem yet," Facebook watcher and Pivotal analyst Brian Wieser told Reuters.
Europe accounts for around 25% of Facebook's revenue
The changes are highly disruptive for Facebook, which has so far relied on the idea that users opt out, rather than opt in to giving away their information. You share huge amounts of data with Facebook by default, and it has taken multiple scandals and campaigns to get the firm to introduce more granular privacy controls.
A combination of GDPR and the recent Cambridge Analytica scandal has the company scrambling to again make sweeping changes to its privacy settings. And it has choked off access to third-party developers because it hasn't been able to police how apps might collect and misuse user data.
And according to Politico, Facebook is already running opt-in tests ahead of GDPR with a small group of users.
What isn't clear is what happens if you refuse to opt-in. Facebook won't kick you off its platform entirely, but it will probably mean certain features that make your life easier won't be available.
For example, Facebook's facial recognition technology is not currently available within the EU, because it violates European privacy law. McCreary predicted there might be more features that European users won't be able to access.
The worst-case scenario is that a bunch of users see the explicit consent request, opt out, and deprive Facebook of data in one of its most valuable advertising markets. According to a recent Goldman Sachs analysis, Facebook could lose 7% of its revenue (about $2.8 billion) post-GDPR. That accounts for users spending less time on Facebook, and the loss of potential ad revenue.
According to public filings, Europe accounted for 25% of Facebook's $13 billion revenues in the fourth quarter last year, bringing in $3.3 billion. That's bigger than every other region bar the US.
"That's got to be worrying Facebook," said McCreary.