Facebook has been forced to pull the launch of its European dating service, because it failed to assure the EU regulators that it had fully assessed privacy risks.
According to TechCrunch, Ireland’s Independent.ie newspaper reported that the Irish Data Protection Commission (DPC) — using inspection and document seizure powers set out in Section 130 of the country’s Data Protection Act — had sent agents to Facebook’s Dublin office seeking documentation that Facebook had failed to provide.
In a statement on its website, the DPC said Facebook first contacted it about the rollout of the dating feature in the EU on February 3.
“We were very concerned that this was the first that we’d heard from Facebook Ireland about this new feature, considering that it was their intention to roll it out tomorrow, 13 February,” the regulator writes. “Our concerns were further compounded by the fact that no information/documentation was provided to us on 3 February in relation to the Data Protection Impact Assessment [DPIA] or the decision-making processes that were undertaken by Facebook Ireland.”
Facebook announced that it was getting into dating back in May 2018, with CEO Zuckerberg saying: “There are 200 million people on Facebook who list themselves as single – so clearly there’s something to do here.”
Pledging to be all about “long term relationships, not hook ups”, the company is looking to move into the space later this year – and most industry insiders say that it is aimed at taking on the likes of Match, eHarmony and OKCupid, rather than Tinder.
In a statement, Facebook says: “It’s really important that we get the launch of Facebook Dating right so we are taking a bit more time to make sure the product is ready for the European market. We worked carefully to create strong privacy safeguards, and complete the data processing impact assessment ahead of the proposed launch in Europe, which we shared with the IDPC when it was requested.”
The statement continues: “We’re under no legal obligation to notify the IDPC of product launches. However, as a courtesy to the Office of the Data Protection Commission, who is our lead regulator for data protection in Europe, we proactively informed them of this proposed launch two weeks in advance. We had completed the data processing impact assessment well in advance of the European launch, which we shared with the IDPC when they asked for it”.
Matt Meckes, co-founder of experience design and software company Cohaesus, however, believes that the social network needs to be very careful about data: “Since its inception in 2004 Facebook has been dominating the technology industry but like many organisations it has not adjusted to the changes in data protection. The delay in its dating service shows how difficult it is for an organisation the size of Facebook to change its philosophy around data. Facebook’s tendency to capture everything on its users, even when they don’t know what the data could be used for, has made privacy and data protection a major obstacle for the business.”
He adds: “Customers shouldn’t be viewed as data banks, where companies extract everything and anything they can about a user. Large companies, like Facebook, often view data as a free commodity they can retain forever as soon as it is saved on their data system.”
Meckes concludes: “Attitudes to data need to change and although steps are being taken to hold internet giants to account, like the introduction of GDPR, companies also need to take responsibility. No matter how big or small, all companies should be required to only store data they truly need, and during the process demonstrating why they need that data and what it would be used for. The European courts did a great job in holding Facebook to account and we hope they continue to do so no matter how influential a company is.”
