Greetings from Brussels!

This week continues to see diverse privacy commentary resulting from the Facebook-Cambridge Analytica saga. Recently, Facebook CEO Mark Zuckerberg said that the company is already complying with "parts" of the GDPR, but that Facebook wasn’t planning to comply with "all" of it worldwide. Zuckerberg, in his exclusive interview with Reuters, wouldn’t comment in detail: "We're still nailing down the details," he said. It was interesting, however, that Zuckerberg did say Facebook would comply with the GDPR privacy provisions in "spirit" globally. The fallout from his comments was swift, and Zuckerberg has since refuted the Reuters story, saying, "Is it going to be exactly the same format? Probably not. We'll need to make sense in different markets with different laws in different places. But let me repeat this, we're going to make all the same controls and settings available everywhere, not just in Europe." I’m intrigued to know more, and how this will be implemented, as I am sure you all are.

Zuckerberg also stated this week that the firm was aggressively fighting the misuse of data, using artificial intelligence to fight online trolls and more. He also made a key announcement, that Facebook will have up to 20,000 employees working in the field of digital trust on content review and data security issues by the end of the year.

In some of the ripple news, an interesting story emerged out of Sweden this week, where the Swedish Consumers’ Association is demanding higher levels of consumer data protections in the financial industry,  stating that privacy is now the biggest consumer issue — even more of a concern then industry business practices. Now bear in mind that Scandinavia, generally, has the reputation of being a very tech-savvy region of the world. Sweden has been a global pioneer in digital banking and cashless payments facilitating the tracking of consumer behavior and purchasing analytics. Now there is a growing fear around the compounded growth in technological advances and its impact on personal data, where national (and EU) law is seemingly struggling to keep up to extend evolved protection to citizens.  

Sweden is known for having tougher banking rules than most places; however, for digital regulation, things are a bit more liberal. Their intersection is where the potential problems appear. Sweden’s finance industry is big on open banking allowing third-party companies to directly access customer accounts once their consent is given. How that customer personal data is used and harvested in the name of "consumer choice" is potentially vague to the average person — despite the fine print. At Sweden’s Financial Supervisory Authority, the feeling is that the development so far doesn’t warrant any additional intervention. However, according to the national consumer association, Swedes are feeling more cautious toward their banks, with the industry already ranking lowest in consumer surveys.

On a final note, I’d like to mention that IAPP Europe will be traveling to Manchester early next week for the ICO’s annual Data Protection Practitioners’ Conference. If you’re in town, pop by our booth (#7) and say hello to the team: We do like a chinwag with the privacy community. Tell us how you’re getting on — 48 days till GDPR.