Damian Collins questioned Facebook’s Chief Technology Officer, Mike Schroepfer, on the social network’s data protection practices at a Committee hearing in April.
Following the hearing, in a letter (PDF) sent to Facebook’s Head of Public Policy, Rebecca Stimson, he also posed questions that Mike Schroepfer was unable to answer on the day, including:
- How many clicks or swipes does it take to alter your Facebook privacy settings on a smartphone?
- What steps are you taking to reduce the lengthy process of changing one’s privacy settings?
- What is the percentage of sites on the internet on which Facebook tracks users?
In answer to the last question, we can reveal one website: Julie4Sunderland.co.uk.
Julie4Sunderland.co.uk is maintained on behalf of Julie Elliott MP, a fellow member of the Digital, Culture, Media and Sport Committee. It serves third-party content from Facebook and sets upwards of 18 cookies on visitors’ computers.
Likewise, websites of fellow members Jo Stevens, Simon Hart, Julian Knight, Ian Lucas, Rebecca Pow and Giles Watling are also collecting data on behalf of the social networking giant from their visitors.
The websites of Julian Knight, Ian Lucas, Giles Watling and Rebecca Pow also collect data on visitors for Twitter. Meanwhile, Rebecca Pow’s website sets third-party cookies from YouTube.com.
Damian Collins’s website features a cookie message; however, the link in the message takes the user to a contact page containing a form that requests the user’s name and email address.
The page on which the form resides contains a link that activates a modal window and encourages the user to sign up for Damian Collins’s email newsletter.
Moreover, the Parliamentary page for the Digital, Culture, Media and Sport committee is also setting and serving third-party cookies and content from Twitter.
According to a report from Sia Partners, FTSE 100 companies have spent upwards of £15 million each to comply with the new regulation.
An Indivigital analysis last month discovered the EU’s website, Europa.eu, is serving third-party content and spreadsheets containing names, addresses, email addresses and mobile phone numbers of delegates who attended its various events and conferences.
EU institutions and agencies are not subject to the GDPR until a new regulation, which is “aligned” to the GDPR and governs data protection within the EU institutions, comes into force later this year.
Under the new regulation, the European Data Protection Supervisor (EDPS) will have the power to, “as a last resort,” fine EU institutions up to 500,000 EUR for contraventions.
Under the GDPR, private organizations can face fines of up to 20 million EUR or 4 percent of annual turnover (whichever is higher).