Research finds Facebook holds personally identifiable data on 40% of EU population

The EU’s massive General Data Protection Regulation (GDPR) will go into effect on May 25, which introduces harsher restrictions on how businesses can use and store the personal data of their customers. This will greatly affect foreign tech companies that operate within the EU, since they cannot use personal data as freely and as lucratively as they used to.

Facebook is one of those companies and it will have to completely change its approach to personal data — at least for their European users — according to a recently published study by researchers at the University Carlos III of Madrid.

The study reveals that Facebook labels over 73 percent of its EU users with interests linked to sensitive personal data, which corresponds to 40 percent of the overall EU population. This means that the data of around 205 million Europeans isn’t completely anonymous and their identities could be determined from Facebook’s stored data — possibly endangering the users’ privacy and making them vulnerable to phishing attacks.

This practice is strictly against the EU’s upcoming law as it prohibits the exploration of categories of personal data that can result in privacy risk — such as political orientation, religious beliefs, sexual preferences, etc.

In their conclusion, the researchers — José González Cabañas, Ángel Cuevas, and Rubén Cuevas — state that one of the reasons Facebook keeps a record of its users interests is to improve ad preferences, meaning that the company is “commercially exploiting sensitive personal data for advertising purposes.” Something forbidden by the new GDPR, and punishable with fines equal to four percent of the company’s annual global turnover.

They also encourage the American tech giant to react to the findings of the study and change its approach to personal data as soon as possible:

We illustrate how FB users that have been assigned sensitive ad preferences could face serious privacy risks since the identity of some of them could be unveiled at low-cost through simple phishing-like attacks.

The results of our paper urge a quick reaction from Facebook to eliminate from its ad preferences list all those that can be used to infer the politic orientation, sexual orientation, health conditions, religious believes or ethnic origin of a user for two reasons:
(i) this will guarantee that Facebook complies with the GDPR,
(ii) it will preserve the privacy of the users from attackers that aim to unveil the identity of groups of people linked to (very) sensitive information.


The researchers estimate...

Read The Full Article

 

0 Comments Write your comment

    1. Loading...