The Facebook / Cambridge Analytica saga continues.

We may not hear the end of this for some time yet. The fact that 3 weeks after the initial damming reports Zuckerberg is still giving media interviews, and they have rushed through some privacy enhancements tells me that Facebook is on the backfoot, and they don’t know how to play this to their advantage.

On Wednesday, Mark Zuckerberg fronted the media to admit that Facebook data of up to 87 million people – 37 million more than previously reported – may have been improperly shared with Cambridge Analytica.

Buried in the announcement was something that should be of interest to all those consumers who value their privacy.

Zuckerberg also pointed out that privacy controls being introduced to ensure Facebook complied with Europe’s general data protection regulation would be available to users globally, contrary to earlier news reports.

“We will make all the same controls and settings available everywhere not just Europe,” he said.

This is a big deal.  While GDPR comes into effect across Europe on 25th May 2018, the fact that Zuckerberg is going to make these privacy controls available to their global audience is a hat-tip to the EU regulators that the privacy considerations under GDPR are very favourable to the consumer.

Quoting from my friend Brian Solis‘ excellent write-up of the 60+ minute “town hall”:

Cecilia King, NY Times: “Mark, you have indicated that you could be comfortable with some sort of regulation. I’d like to ask you about privacy regulations that are about to take effect in Europe…GDPR. Would you be comfortable with those types of data protection regulation in the U.S. and with global users.”

Zuckerberg: “Regulations like the GDPR are very positive…We intend to make all the same controls and settings everywhere not just Europe.”

This is an excellent step. Companies such as Facebook are now looking at the GDPR legislation as the benchmark for how consumer data is handled, and this is a good sign.

It also puts in notice every other company in the world. Do you give only your European users the First-Class privacy control tools (because you are regulated to do so) and give every other user the economy treatment?

What Mark has done (assuming he follows through) is raise GDPR as the gold standard for privacy controls. Companies that do not offer this perhaps do not take user data seriously, and should be lobbied to change. 

To refresh yourself on the new European privacy rules, here is a primer on GDPR from TechCrunch.

Does the Facebook view of GDPR as the baseline measure affect your GDPR plans? Will you offer a GDPR level of control to all of your users no matter where they are in the world?

Time to rethink your GDPR and data strategy …

Many people have asked me how they can navigate the GDPR legislation and become GPDR ready.

For those in London, I have partnered with a GDPR expert to host a series of day-long GDPR workshops that will ensure you are GDPR ready.

Everything you need is included:

  • Workbook
  • Gap analysis questionnaire
  • Readiness dashboard
  • Action plan
  • Checklists
  • Full guide and toolkit
  • Editable template documents

Head to and take advantage of a 50% discount.