The Court of Justice of the European Union recently ruled that anyone who runs a fan page, group or other pages on facebook can be held partly responsible for any breach of GDPR compliance regarding the users of the page, even if the breach does not originate from the page itself. Similarly, if a Page admin fails to comply with the GDPR, Facebook may be held partly liable as the provider of the platform that made the collection and use of the infringing data possible. This depends on Facebook’s Insights tool, which allows Page admins to view demographic data about Page visitors, such as their location, interests, and location.
This precedent means that a number of businesses, fan pages and Facebook groups around the world will need to take additional steps to ensure GDPR compliance on their pages. The ruling does not apply to fully anonymized data, but any aggregated data that can be traced back to individual users, such as Facebook user data that feeds into the Insights tool for Pages, is covered by the GDPR, which means that any collection and use of this data must comply with GDPR guidelines. The decision that set a precedent concerns the German education society Wirtschaftsakademie Schleswig-Holstein. In 2011, the company was ordered to take down its Facebook page for failing to tell users that Facebook was collecting their data, a fact officials said they were unaware of at the time. The case came to a close on Tuesday, with GDPR gaining momentum to avoid “accountability gaps”.
Today’s news is another ripple effect of the EU’s relatively new General Data Protection Regulation. GDPR is a powerful, global set of rules that allow for heavy fines and other penalties against any company or entity that fails to process customer and user data in a manner that complies with the law. Specifically, all data that is not fully anonymized, even aggregated data, must be kept secure, and the customer from whom the data was collected must not only know that the data collection is taking place and why, but also be able to request specific authorization. data at any time.