Bradley attorney David Lucas was quoted in Law.com on Facebook’s compliance with the European Union’s General Data Protection Regulation (GDPR) in the wake of the Cambridge Analytica scandal. Facebook has already started prompting EU and Canada users to consent to targeted advertising, data collection, and use of facial recognition technology.
A data processor’s responsibilities are outlined in the GDPR. Article 28, however, notes that controllers like Facebook only use processors that guarantee appropriate processing measures that comply with GDPR requirements “and ensure the protection of the rights of the data subject.”
Lucas explained that under the GDPR, processors are obligated to “purge every bit” of information requested. “I don’t know that any of the data mining companies are that well prepared to do that,” he added, noting that this is where EU regulators are “going to target some of their enforcement activities.”
Lucas said, “As you get further down that food chain, are they as advanced” as Facebook at data mining? Likely, regulators would encounter “some small entrepreneurial companies that are not as sophisticated” and “less technologically capable of mapping those data sets” as major companies in risk of falling afoul of GDPR compliance.
The complete article, “Facebook’s GDPR Challenge and the Conundrum of Consent,” appeared in Law.com on May 4, 2018.