GDPR Calling! Facebook Has Personally Identifiable Data on Over 40% of EU Citizens


Facebook has never managed to keep the European Union happy, and the company continues to face multiple lawsuits in the region. Ahead of the General Data Protection Regulation (GDPR) rules that take effect later this year, the company has started what some are calling a massive PR campaign. However, the social networking giant, which has a thing for user data and has time and again disregarded user privacy, may face some major battles once these tougher privacy rules go live in the EU.

One study finds that the company currently holds personally identifiable data on over 40% of the overall EU population. "The results of our study reveal that Facebook labels 73% EU users with sensitive interests," the researchers write. "This corresponds to 40% of the overall EU population."

The study reveals that a malicious third party could access this data for just €0.015 per user and then unveil users' identities based on the data collected by the social network.

The upcoming GDPR rules will make it particularly difficult for tech companies to exploit the personal data of their users in the EU. Data such as health conditions, political orientation, sexual preferences, ethnic origin and religious beliefs counts as sensitive personal data, which can carry privacy risks for users if leaked or accessed by malicious threat actors.

This study by researchers at the University Carlos III of Madrid also revealed (via TNW) that Facebook labels over 73 percent of its EU users with their sensitive personal data. This means that the company can identify nearly 205 million Europeans based on the data it collects, putting their privacy and identity at risk.

"The results of our paper urge a quick reaction from Facebook to eliminate from its ad preferences list all those that can be used to infer the political orientation, sexual orientation, health conditions, religious beliefs or ethnic origin of a user for two reasons: (i) this will guarantee that Facebook complies with the GDPR, (ii) it will preserve the privacy of the users from attackers that aim to unveil the identity of groups of people linked to (very) sensitive information."

What this data collection approach means for Facebook under the GDPR, and how the data-obsessed company moves forward without stalking its users everywhere on the web, will be seen once the rules go live. Otherwise, the company faces fines of up to 4% of its global turnover.

The research by University Carlos III is available here.