Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Facebook Spars With EU Regulator Over Dating App Delay

Facebook and its Irish data regulator gave conflicting signals Thursday about what caused the tech giant to postpone the European launch of its vaunted dating app.

Facebook and its Irish data regulator gave conflicting signals Thursday about what caused the tech giant to postpone the European launch of its vaunted dating app.

The California-based behemoth stood up a chunk of its 2.5 billion monthly users on the eve of Valentines Day by admitting that Facebook Dating would not be ready for its hyped Thursday debut in the EU.

The new feature has been trying to conquer young US hearts since September and was introduced to Asian users in Thailand in November. It began testing in Colombia in 2018.

But things are more complicated in the European Union because of the bloc’s beefed-up data protection rules.

Brussels introduced the General Data Protection Regulation (GDPR) in 2018 to give people more control over their privacy settings — an especially sensitive issue for Facebook.

The company operates in Europe out of Dublin and is regulated by Ireland’s Data Protection Commission (IDPC).

Both sides rejected blame for the delay and neither could say how long it would last.

The regulator said Facebook only informed it about the new product’s launch on February 3.

Advertisement. Scroll to continue reading.

But a senior IDPC official said Facebook provided regulators with no data security assessment until they searched its Dublin office on Monday.

Facebook told AFP that it was “under no legal obligation” to inform the regulator about anything.

The regulator’s deputy commissioner Graham Doyle told AFP that this was technically true.

But Doyle added that the IDPC had no choice but to look into the inner workings of the feature once it realised Facebook was about to make it available to millions of potential EU users.

“We were obviously going to look into this product launch,” Doyle said in a telephone interview.

“We followed the path we had to follow. Once Facebook came to us that late in the day, we weren’t in a position to complete the assessment.”

– ‘A courtesy’ –

GDPR has stumped other big US media firms.

The Chicago Tribune’s parent company is still not GDPR compliant and the 147-year-old newspaper remains inaccessible in Europe without virtual private networks (VPNs) — simple devices that mask a user’s location.

But Facebook cannot rely on VPNs to thrive and must work with the Irish authorities.

It therefore needed to prove to the IDPC that it was not putting the data of its new feature’s users in “high risk”.

That required a Data Protection Impact Assessment — something the Irish regulator said it only procured during its search of the company’s office on Monday.

Facebook told AFP it had completed the assessment “well in advance” and shared it with the regulator “when they asked for it”.

The IDPC submitted a list of questions to Facebook about its assessment on Tuesday.

Yet it had already become apparent that Facebook would not be able to answer everything by Thursday and the IDPC announced the delay on its website on Wednesday.

It remains unclear why Facebook waited until the start of February to inform the IDPC about the launch.

Facebook said it gave the IDPC two weeks’ notice and not 10 days.

The regulator said it would have simply had to request the exact same data assessment from Facebook if it had launched the app without any notification at all.

Facebook told AFP that it informed the IDPC about the feature in advance “as a courtesy”.

Related: Privacy Fears Raised Over Facebook Messaging Apps Integration

Related: Irish Regulator Investigates Facebook Over Exposed Passwords

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.