The Dutch Privacy Company has assessed in the so-called Data Protection Impact Assessment (DPIA) whether there are privacy risks for citizens when processing data on government pages on Facebook. For example, the researchers looked at the risk associated with the use of cookies. They also looked at whether citizens are sufficiently informed about how Facebook processes their data.
The researchers found seven high risks and one low risk. For example, Facebook does not make it sufficiently clear what it does with citizens’ data on government pages. It is also not clear how the platform determines which messages visitors see in their news overview.
Privacy Company also concludes that Facebook uses cookies in a misleading manner. The platform collects data about user behavior, but then provides insufficient insight into what happens to that data. The company uses it, for example, to show personalized messages and advertisements. There are also concerns about the transfer of personal data to third parties.
As a result of the investigation, the ministry says it is in talks with Facebook parent company Meta. “If the risks are not sufficiently removed, there is no other option than to stop using Facebook pages by the government,” writes State Secretary Alexandra van Huffelen (Digitisation).
A spokesperson for Meta says in a response that Facebook pages comply with the GDPR in the eyes of the platform. “This report is inaccurate and does not properly reflect how our policies and tools work. In addition, the report misinterprets important aspects of the law.” The company says it will continue to talk to the government.
