Last year at this time, Facebook Global Deputy Chief Privacy Officer Stephen Deadman announced the company’s plan for appointing a data protection officer: The person would reside in Ireland, sit outside of the legal team, likely be aligned with the global policy team, and the recruitment process was underway.

Today, Facebook announced the follow-up: Deadman, himself, will serve as the company’s inaugural DPO.

“I'm delighted that Stephen will be Facebook's first Data Protection Officer,” Facebook CPO Erin Egan said in a prepared statement. “He's been a strong advocate for protecting people's privacy and improving how Facebook and other companies design for privacy. This is one of the most important steps in our compliance with the GDPR, and Stephen will ably represent the interests of people who use Facebook across the EU.”

Deadman, who served as Vodafone CPO before coming to Facebook three years ago, had been the non-U.S. privacy policy leader and will now take over DPO duties for the entire “Facebook family of companies,” including Facebook, Instagram and WhatsApp. As a company where the processing of personal data is part and parcel of operations, Facebook clearly saw that it was legally required to have a DPO.

“In this new role,” according to a Facebook release, Deadman “will lead a dedicated team responsible for, among other things, responding to people’s questions about their data, monitoring and reviewing Facebook’s compliance with the GDPR, and reporting to the Board. This new team will be given all resources necessary to ensure we meet our obligations under the GDPR and continue to improve on protecting people’s privacy.”

Laura Juanes Micas, who currently serves as Facebook's director of privacy for Latin America, will take on Deadman’s current role leading international policy.

Deadman declined to comment today, but as he noted in an interview with The Privacy Advisor last year, “While working closely with the legal team, the DPO performs a different role. An important part of the DPO’s role is operational. Just as important as giving advice and guidance is monitoring processes and systems, putting in place new processes and documentation for compliance, and working with cross-functional teams to ensure we have the best arrangements to deliver compliance in practice. There is, therefore, a strong programmatic element to the role.”

As Facebook looked for someone with “extensive experience engaging with data protection authorities,” someone “experienced at presenting to executive management at the very highest levels,” and someone with knowledge not only of technology issues but also technology’s potential social and economic impact, the organization likely couldn’t find a ton of available talent.

This reporter wondered at the time how many data protection experts might be out there with the requisite qualifications listed in Facebook’s job description. Today, we find out that they’ve determined they already had the best person for the job on staff. 

Photo credit: Sole Treadmill facebook via photopin (license)