facebookJust last week, the GDPR came into force, but privacy advocates immediately got down to work to put the law to the test by getting granular on Facebook, including its subsidiaries Instagram and WhatsApp.

Their complaints are mainly about popups prompting users to give consent if they want to continue using Facebook’s services and not being barred. Some reflect on what's at stake right now, which could be nothing less than the future of our digital economy.

Even eMarketer.com asked the prevailing question: Can Advertisers Still Trust Facebook? and sat down with Carolyn Everson, vice president of global marketing at Facebook, in the wake of the Cambridge Analytica controversy to discuss the company’s relationship with advertisers.

Everson argued the whole industry is dealing with the same issue of how to balance targeted advertising and privacy. She said: “It will require the company to do a better job educating consumers and giving consumers full control of how that advertising experience—and the overall experience with their own data—plays out.”

She seems to be right, when looking at Facebook's quarterly financial data, released for the first time since the Cambridge Analytica revelations. The results show no sign of advertisers or users abandoning the platform and the company's performance was considerably stronger than many observers, including eMarketer, had expected.

Isn’t it staggering?  In its privacy settings, Facebook had made pre-settings regarding the range of data processing – concerning, for instance, the target group postings, the activation of the location service for the Facebook messenger and the release of the link to the user history in search engines. The user had to change the default settings to prevent the corresponding data processing. Facebook’s terms of use also included a clear name obligation and a set of pre-formulated statements (for example, consent to the transfer of data to the US and its use by Facebook in commercial, sponsored or related content). In addition, users had to confirm they had read the data policy.

Anyway, the EU court now ruled that the defaults in the Privacy Center breached data protection law. The mere offer of a "privacy tour" on the website during registration is not sufficient indication of the extent of data processing. It lacks sufficient information for making a free, comprehensively informed decision, which is crucial. Even an implied consent by continuing the use cannot be accepted due to lack of knowledge of the consent and the commitment of the user to provide correct personal data is also ineffective, since the user gives his consent to the processing of these data without having received sufficient information.

In general, it has been difficult to formulate an effective consent to data processing so far, and the new data protection law makes things even more complicated - e.g. a coupling ban is added or a minimum age for effective consent is introduced (from 16 years).

In the future, the General Data Protection Regulation (GDPR) will invoke more likely a legitimate interest in data processing, but the verdict also shows that catching up with the data handling process is obviously no easy task.

"Facebook’s user engagement is holding steady, which indicates—at least for now—that users are getting about the same amount of value out of being a Facebook user as they were before,’” said eMarketer's Peart.

While growth remains steady, Facebook is taking steps to protect its content and data by doubling the number of people working on content security. To start with, Facebook shut down Partner Categories last month, a product that enabled third party data providers to offer their targeting directly on the platform, eMarketer.com highlighted. And this comes at a time when few people are comfortable sharing their personal data via third parties.

By Daniela La Marca