The Dutch privacy company has assessed in the so-called data protection impact assessment (DPIA) whether there are risks to the privacy of citizens when processing data on government pages on Facebook. For example, researchers have looked at the risk associated with the use of cookies. They also examined whether citizens are sufficiently informed about how Facebook processes their data.
The researchers found seven high-risk and one low-risk. For example, Facebook doesn’t clarify enough what it does with citizen data on government pages. It’s also unclear how the platform determines which posts visitors see in their news overview.
Privacy Company also concludes that Facebook uses cookies in a misleading way. The platform collects data on user behavior, but then provides insufficient information about what happens to that data. The company uses it, for example, to show personalized messages and advertisements. There are also concerns about the transfer of personal data to third parties.
Following the investigation, the ministry says it is in talks with Facebook’s parent company, Meta. “If the risks are not sufficiently removed, there is no choice but to stop using Facebook pages by the government,” writes State Secretary Alexandra van Huffelen (Digitalization).
A Meta spokesperson says in a response that Facebook Pages are GDPR compliant in the eyes of the platform. “This report is inaccurate and does not adequately reflect how our policies and tools work. In addition, the report misinterprets important aspects of the law.” The company says it will continue to talk to the government.
