Facebook Inc., the multinational social media giant has a prolonged history of data privacy breaches. The company has had its fair share of lawsuits in relation to privacy violations over the past decade with many ongoing at the time of this writing. On 25th May 2018, the General Data Protection Regulation(GDPR), the stringent privacy regulation got enforced by the European Union with privacy violations costing hefty penalties. As Facebook issued a public statement that the company is GDPR compliant, this research attempt to understand how GDPR adherence changed /or not the way Facebook handles the processing of user’s personal data. The research is carried out from Facebook users’ perspective to understand the efficacy of any measures the company has taken in order to adhere with GDPR. This research also attempts to understand the level of conviction users has on Facebook’s data processing since it embraced GDPR. The research also revises Facebook’s data sharing for digital marketing before and after GDPR.
The literature review takes the reader back in time and attempts to provide an insight into the data breaches Facebook had over the years to the very present ones. The research does a deep dive on what caused these breaches to create an understanding of where the problem lies. Following that the paper introduces GDPR to its readers and defines the role of Facebook on the scenarios under which the company act as a “controller” and when it acts as a “data processor”.
The subsequent sections attempt to critically analyse the major articles of GDPR that are applicable to Facebook. Each section does scrutiny on the steps the company has taken to achieve compliance on GDPR. The sections also examine how Facebook was handling those scenarios before GDPR. This analysis is intended to bring out the differences if any on the way Facebook used to handle data processing before GDPR.
The chapters following the literature review take the reader through an in-depth data analysis on the survey that was conducted with 152 participants. This is followed by analysis of interview outcomes on the discussions over the survey results. Based on the inference derived from data analysis and literature review, the author brings in the discussion on why the measures taken by Facebook for achieving GDPR compliance were not successfully accepted
by the users. The research concludes leaving a question to the users intending to remind on the magnitude of the responsibility they share alongside Facebook on data privacy.