According to recent research by Privacy International, popular apps are still sending data to Facebook without users’ permission. Apparently this happens immediately when a user opens the app, and it is illegal under the European Union’s (EU) General Data Protection Regulation (GDPR).
According to Wikipedia, the General Data Protection Regulation “is a regulation in EU law protecting data and privacy for all individuals within the EU as well as any personal data reported outside the EU. The GDPR’s primary function is to give control to individuals over their personal data and to simplify the regulatory environment for international businesses.”
Also, according to the GDPR, all businesses or entities that have control over the personal data of individuals are to have explicit technical and organizational measures in place to safeguard that data, so that it is not made publicly available without the express consent of the individual.
Facebook says it is aware of this and has tried to fix the problem in its software development kit (SDK). However, approximately 68% of app developers are still using the old SDK version and have not downloaded the newer one. Some who have adopted the newer SDK version are still having problems, with data being transmitted before users even have a chance to make the selections that would prevent it from being sent to Facebook.
This is a serious predicament for app developers, as they can be fined 4% of revenues for non-compliance with the GDPR. Some of the more popular apps that are finding themselves sending data to Facebook without their users’ permission are MyFitnessPal, TripAdvisor, Kayak and Skyscanner.
A Skyscanner spokesperson said: “We were not aware that data was being sent to Facebook in this way without prior consent from our users, which went against our own internal rules on the integration of third-party technologies. We are still investigating how this happened.”
Facebook has designed an app called Clear History, which it hopes will be part of the solution. The social media company also said that app developers can do something on their end by turning off automatic data gathering and delaying the sending of app analytics.
“Prior to our introduction of the ‘delay’ option, developers had the ability to disable transmission of automatic event logging data, except for a signal that the SDK had been initialized,” Facebook told Privacy International in an emailed statement. “Following the June change to our SDK, we also removed the signal that the SDK was initialized for developers that disabled automatic event logging.”
Facebook is attempting to comply with the GDPR by providing solutions like Clear History, as well as options for app developers to request consent for data collection. Facebook instituted these possible solutions a month after the GDPR went into effect.
It is important to note that the GDPR is not a directive but a regulation, and is therefore enforceable; app developers are subject to fines if they do not comply.