The calendar has rolled over to May and that means companies should be just about ready to comply with the European Union’s General Data Protection Regulation (GDPR) when it comes into effect on 25th May.

As that date has come closer you might have noticed many of your favourite sites updating their privacy policies in a bid to be compliant with the forthcoming regulations, and alerting you of the fact with popups asking you to review your privacy settings, or to just read and accept their updated terms and conditions.

Ahead of the F8 developer conference that’s currently underway, Facebook’s Mark Zuckerberg unveiled a new tool that will give users greater control over their data, and by extension prevent Facebook from violating those forthcoming regulations.

“In your web browser, you have a simple way to clear your cookies and history,” explained Zuck. “The idea is a lot of sites need cookies to work, but you should still be able to flush your history whenever you want. We’re building a version of this for Facebook too. It will be a simple control to clear your browsing history on Facebook — what you’ve clicked on, websites you’ve visited, and so on,” the Facebook founder said in a statement.

This is great news for fans of privacy, but there is a problem according to the developers of privacy-enhancing browser and search tools Cliqz, and it could land Facebook in hot water with the EU.

“Facebook might be GDPR-compliant for their members, but violates GDPR for non-members”, said Cliqz in a press statement we received from the company.

The firm says that while Facebook users now have the option to clear their cookies, those that don’t have a Facebook account are still at the mercy of Facebook trackers.

“The collection of data about non-users in a way that leads to shadow profiles is Facebook’s weak spot when it comes to GDPR compliance,” explains Cliqz chief executive officer Jean-Paul Schmetz.

To put it simply, Facebook puts trackers on a large number of websites: research from Cliqz reports that Facebook trackers are present in 27.1 percent of websites. With that sort of reach, it becomes almost trivial to build a profile of somebody and as Schmetz points out, these people have no way of making the social network forget about them.

The web’s greatest trackers. Image courtesy of Cliqz.

“Non-members or those who deleted their account are still being tracked and can’t do anything to prevent Facebook from building shadow profiles about them. They still won’t have any means to opt out or have their data deleted or get insights into the data Facebook has about them. We think that if Facebook continues to neglect the problem of shadow profiles, the company risks high penalties from the EU for GDPR violation,” said Schmetz.

This gives non-users a Hobson’s choice: sign up to Facebook to get a map of everything the firm knows about them, or don’t and live in blissful ignorance as their online browsing profile grows.

The danger for the social network is that it might soon be staring down the barrel of lawsuits related to the violation of GDPR regulations for people that aren’t even subscribers.

Whether the social network will address these concerns ahead of the 25th May GDPR deadline remains to be seen. Perhaps we’ll have a follow-up session from El Zuck on the second day of F8 to address the concerns of non-users.

[Image – CC 0 Pixabay]