Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      China nets a falling rocket in reusability race with SpaceX

      China nets a falling rocket in reusability race with SpaceX

      10 July 2026
      Battlefield tech could save lives on South Africa's roads - Dithoto Modungwa

      Battlefield tech could save lives on South Africa’s roads

      10 July 2026
      Customers prefer ChatGPT to your company's AI chatbot

      Customers prefer ChatGPT to your company’s AI chatbot

      10 July 2026
      South Africans warm to AI doing their shopping: DHL

      South Africans warm to AI doing their shopping: DHL

      10 July 2026
      OpenAI debuts ChatGPT Work - and GPT-5.6 - in enterprise push

      OpenAI debuts ChatGPT Work – and GPT-5.6 – in enterprise push

      10 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

      Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

      8 July 2026
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
    • Opinion
      The author, Fanie van Rooyen

      South Africa can still catch the AI wave – here’s how

      7 July 2026
      The author, Fanie van Rooyen

      The AI utopia South Africa can’t afford

      1 July 2026
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
      • Watts & Wheels
    • Events
    • Advertise
    TechCentralTechCentral
    Home » In-depth » Why Facebook fears Europe’s new privacy rules

    Why Facebook fears Europe’s new privacy rules

    By Leonid Bershidsky19 April 2018
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Facebook CEO Mark Zuckerberg and chief operating officer Sheryl Sandberg have apologised (again and again) for the company’s handling of user data. The best indication that they aren’t actually sorry, however, is the social network’s intention to change its terms of service to put all non-European users under the jurisdiction of its US headquarters rather than the international headquarters in Dublin, Ireland. That means users in Africa, Asia, Australasia and Latin America won’t be covered by the European Union’s General Data Protection Directive, which goes into effect on 25 May. The UK may also get a carve-out after Brexit.

    Facebook’s admission of the planned change comes immediately after the company effectively promised to apply GDPR protections to the entire world. “Today we’re introducing new privacy experiences for everyone on Facebook as part of the EU’s General Data Protection Regulation (GDPR), including updates to our terms and data policy,” the company wrote in a blog post on Wednesday. “Everyone — no matter where they live — will be asked to review important information about how Facebook uses data and make choices about their privacy on Facebook.” But once non-European users’ agreements are no longer with Facebook Ireland, now responsible for all of the company’s activities outside North America, they won’t be able to hold the company legally responsible for GDPR violations. In effect, they’ll be subject to toothless US privacy laws.

    Under the GDPR, companies can be fined up to 4% of their annual global revenue for not having sufficient customer consent to process data or ignoring the ‘privacy by design’ principle

    Under the GDPR, companies can be fined up to 4% of their annual global revenue for not having sufficient customer consent to process data or ignoring the “privacy by design” principle that states customers’ privacy rights must be handled as a core feature of the product, not an afterthought. In Facebook’s case, that’s US$1.6bn based on 2017 revenue. It’s natural for the company to try to limit its exposure to that kind of punishment, but it undermines its narrative of contrition and a commitment to privacy.

    It’s worth taking stock of what the GDPR requires. Perhaps most importantly, the regulation demands a granular approach to asking for consent to process personal data. Consent must be received for each separate data collection practice, explicitly, in clear and plain language. Consent must also be “as easy to withdraw as to give”, and the use of the service shouldn’t be conditional on a customer’s consent to the collection of personal data that is not directly necessary for the service itself, not just for its monetisation as in Facebook’s case.

    On all these points, Facebook currently fails. The “Privacy Settings and Tools” section of a user’s profile doesn’t ask for consent to any kind of data collection. Nor does the Data Policy contain any links to consent forms for particular types of data harvesting. Some of these forms are hidden in the “Ads” section of the profile, where most people wouldn’t look for them, and even there, I’m not asked directly to agree to give up my data.

    Incomprehensible

    For example, Facebook informs me that I’ve been accurately placed in the advertising category “Returned from travels 1 week ago” — but I have no idea how it knows that, since I haven’t posted anything on Facebook from my most recent trips nor explicitly agreed anywhere to provide that information to advertisers. I may have clicked to approve some long, incomprehensible legal document at some point to give Facebook access to my location data, but that won’t wash in Europe starting on 25 May. All I can do about it now is delete the ad category, but that won’t stop Facebook from continuing to collect the information.

    In its most recent post, Facebook uses elliptical language to promise to ask users whether they want to let it “use data from partners” to target advertising. If it took GDPR seriously, it would use plainer language: “For years, we have been collecting data about your browsing and app use outside Facebook. We use the data to place you in categories advertisers can select when buying our ads. May we continue or would you like us to stop?” That would comply with the clarity requirement and with the GDPR provision that users can object at any time to the use of their data.

    Of course, as Facebook knows, only the most carefree user will give it the right to a blanket surveillance of digital activities. Facebook doesn’t want a refusal, one reason the personal data file Facebook allows us to download doesn’t actually include Web logs — just the “ad interests” derived from them. Zuckerberg had to correct the record on that in his congressional testimony after stating several times that the file contained all the information Facebook possessed about a user. That’s not strictly in compliance with the GDPR, which requires the disclosure of data as provided by the user.

    The GDPR gives users a right to have their information erased if consent for its collection is withdrawn. As an ordinary user, I have no idea how I can do that using Facebook’s interface. In late March, Facebook promised to fix this. “It’s time to make our privacy tools easier to find,” the company wrote, as if there was also a time to make them difficult to find. But no changes have been rolled out yet. Facebook’s intention to move most of its users out of the EU jurisdiction shows full compliance with the GDPR is not desirable, so the changes most of its users will see will probably not be 100% GDPR compliant.

    That’s a big mistake in the wake of the Cambridge Analytica scandal, which raised the public awareness of Facebook’s problems with personal data handling. Pivotal Research Group analyst Brian Wieser, a long-time Facebook bear, wrote in a note released on Thursday that brand marketers will scrutinise their advertising investment in Facebook more carefully, with a sceptical eye on Facebook’s claims of precise targeting, now that it’s in doubt that users provide much of the data knowingly and willingly.

    To quote Facebook itself, “it’s time” for the company to come clean about the data it has collected for which it doesn’t have user consent under the GDPR, and to start systematically informing advertisers and investors about the number of users who have refused to provide such data. So far, Facebook hasn’t even provided accurate information about the number of fake accounts in its user base. The Pivotal Research note, for example, asserts that there were 287.4m false and duplicate accounts among Facebook’s reported 2.1bn users. In 2017, according to the note, the reported user base grew by 269m accounts, but 142m of them — almost 53% — were fakes and duplicates. Add all the people who will opt out of providing data when (if ever) they are asked clearly about it, and Facebook’s ability to sell targeted ads may be severely impaired.

    If Facebook actually complies with the GDPR, its business performance in Europe will be an indicator of how the whole company can perform if required to stop misleading users and customers about practices central to its business model. Investors should follow it closely: privacy rules will inevitably be tightened outside Europe someday, too.  — (c) 2018 Bloomberg LP

    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    Facebook GDPR Leonid Bershidsky Mark Zuckerberg Sheryl Sandberg top
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleOpenserve doubles home fibre speeds
    Next Article SA firms at high risk from Europe’s GDPR

    Related Posts

    WhatsApp eyes its next act: a global superapp

    WhatsApp eyes its next act: a global superapp

    25 June 2026
    The millions Vodacom spends protecting its CEO - Shameel Joosub

    The millions Vodacom spends protecting its CEO

    14 June 2026
    Big Tech's Big Tobacco moment has arrived

    Big Tech’s Big Tobacco moment has arrived

    27 March 2026
    Company News
    Rain supercharges 5G with Huawei

    Rain supercharges 5G with Huawei

    10 July 2026
    Africa's data centres: AI, edge computing and new energy demands - Vertiv OADC Open Access Data Centres

    Africa’s data centres: AI, edge computing and new energy demands

    9 July 2026
    The best way to automate customer engagement using AI and WhatsApp - CM.com

    The best way to automate customer engagement using AI and WhatsApp

    9 July 2026
    Opinion
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    The author, Fanie van Rooyen

    The AI utopia South Africa can’t afford

    1 July 2026
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    China nets a falling rocket in reusability race with SpaceX

    China nets a falling rocket in reusability race with SpaceX

    10 July 2026
    Battlefield tech could save lives on South Africa's roads - Dithoto Modungwa

    Battlefield tech could save lives on South Africa’s roads

    10 July 2026
    Customers prefer ChatGPT to your company's AI chatbot

    Customers prefer ChatGPT to your company’s AI chatbot

    10 July 2026
    Rain supercharges 5G with Huawei

    Rain supercharges 5G with Huawei

    10 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}