Why Europe's privacy clampdown may not solve Facebook's data scandal woes

Think about your interaction with Facebook as a relationship. Now, imagine being at dinner with someone new and they say they are recording the conversation, taking your fingerprints, tracking your movements and they are going to share all of that data with everyone—without your knowledge or consent.

According to Matt Erickson, executive director at the Digital Privacy Alliance, that unpleasant scenario is what his colleagues are working against and what Europe’s sweeping new privacy regulations taking effect on May 25 are meant to help prevent.

During his recent Capitol Hill testimony, Facebook CEO Mark Zuckerberg said his company already has controls in place to comply with Europe’s General Data Protection Regulation (GDPR) and told lawmakers they’d likely extend some of those protections to its 2.2 billion users globally. As with anything, the hard part is in the details.

Despite the coming crackdown—the GDPR includes the right to be forgotten, the ability to easily change privacy settings without sifting through legalese and the provision that users must give affirmative consent to share their data—the new regulations may not be enough to prevent another Cambridge Analytica data scandal, or something even more pernicious, in the future.

The GDPR is backed up by potential penalties of up to 4 percent of annual revenue for tech companies that don't comply with the rules.

IMAGE DISTRIBUTED FOR AVAAZ - While Mark Zuckerberg prepares to testify before the Senate, 100 cardboard cutouts of the Facebook founder and CEO stand outside the U.S. Capitol in Washington on Tuesday, April 10, 2018. Advocacy group Avaaz is calling attention to hundreds of millions of fake accounts still spreading disinformation on Facebook, and calling for the social media giant to submit to an independent audit. (Kevin Wolf/AP images for AVAAZ)

Avaaz staged a protest on Capitol Hill featuring cardboard cutouts of CEO Mark Zuckerberg while he testified before U.S. lawmakers.  (AP)

MARK ZUCKERBERG ANNOUNCES 'CLEAR HISTORY' PRIVACY TOOL AHEAD OF FACEBOOK'S F8 CONFERENCE

“The real soul of GDPR is that people should be able to have a say over the use of their private data and they should have an understanding of where that data goes and what it’s being used for,” Erickson, who is also director of client services and technology at SpiderOak, said.

Zuckerberg’s company announced a recent series of revisions to its privacy settings to help it comply with the GDPR. However, the updated settings still require users to click through cumbersome screens and specifically click small links to opt out of giving your data to Facebook.

“You should not have to dig into apps and preferences in order to opt out of these features. With GDPR, it should be privacy by default,” Diego Naranjo, senior policy adviser at European Digital Rights (EDRi), told Fox News. The EDRi is an association of civil and human rights organizations focused on digital privacy and rights.  

Erickson said the GDPR is a “reaction toward the tech industry not taking responsibility to be upstanding partners in a relationship with their users."

Privacy experts are divided over whether the new regulations will do enough to protect the massive amount of data that tech firms continue to collect and monetize.

“A lot of Americans just don’t like to be tracked. Whether it’s left or right, you have people who can voice exactly why they don’t want to be tracked by major corporations,” said Erickson. “We’re going to start seeing increased popular support for first world-grade privacy protections.”

Facebook CEO Mark Zuckerberg pauses while testifying before a joint hearing of the Commerce and Judiciary Committees on Capitol Hill in Washington, Tuesday, April 10, 2018, about the use of Facebook data to target American voters in the 2016 election. (AP Photo/Andrew Harnik)

Facebook CEO Mark Zuckerberg testifies before U.S. lawmakers about data privacy, Cambridge Analytica and election integrity.  (AP)

WHATSAPP CEO JAN KOUM IS LEAVING FACEBOOK AMID REPORTED DISPUTES

Some of those stringent privacy protections are already in place, depending on where you live.

Residents of Illinois have been protected under the Biometric Information Privacy Act, which is one of the strictest laws of any state regarding consent, notice and disclosure procedures that private entities must follow when they collect, store or use residents’ biometric data, such as fingerprints, facial images or iris scans. Violators face fines of $1,000 to $5,000 per violation depending on intent.  

“In an elevator, you don’t opt out of security. The elevator is safe by default and it should be the same for hardware and software,” Naranjo said.

Others have argued that Facebook, Google and other tech firms are missing out on a chance to make privacy the center of what they do.

“Data protection could be at the forefront of their business to say ‘we are using GDPR to protect you,’” said Naranjo. “The law is quite strong. It’s a bad strategy, going against your customers, when you can use [the privacy regulations] to your benefit.”

“We’re saying [the GDPR] can actually encourage new, more innovative companies to move into spaces that Facebook and Google have been ignoring.”

- Matt Erickson, executive director at the Digital Privacy Alliance

Erickson told Fox News that the backlash over online surveillance is starting to hurt online businesses—as consumers increasingly say they don’t trust big tech with their data—and industry innovation is being stifled.

“Right now, the whole startup market is, ‘I create something cool so that Google will purchase me,’ which is weird,” said Erickson. “We’re saying [the GDPR] can actually encourage new, more innovative companies to move into spaces that Facebook and Google have been ignoring.”

"Data should be machine readable and it should allow you to move to a different service," Naranjo said.

Nevertheless, even after the GDPR takes effect, the courts may have the final word.

Facebook was ordered in February to stop collecting data on users—ruling that it had broken privacy laws by tracking people on third-party sites—or face daily finds of up to 100 million euros. The long-running battle between the Belgian Commission for the Protection of Privacy and Zuckerberg's company started back in 2015.

Christopher Carbone is a reporter for FoxNews.com. He can be reached at christopher.carbone@foxnews.com or on Twitter @christocarbone.