Even Europe's New Privacy Laws Can't Regulate Facebook

Tom and Jerry. Wile E. Coyote and Roadrunner. Governments and Facebook.

Somehow, the little guy keeps evading the bigger one's grasp.

Lately, it seemed as though the European Union got pretty close to pinning down Facebook in a way that would actually protect consumers from abuses of their personal data. However, the New York Times and the Wall Street Journal revealed that laws intended to rein in data-guzzling tech companies like Facebook and Google, may in fact strengthen the hold those companies have on users and their data.

The deadline for the EU's new set of laws — General Data Protection Regulation (GDPR) — is fast approaching. The law requires companies that leverage user data, like Facebook, to make user agreements clear and concise. The user needs to be able to understand these terms and conditions, and how they affect their own privacy online.

Silicon Valley giants, most notably Facebook, are making a big show to comply. They're tweaking their user interfaces and publicizing internal guidelines as the law requires — even if it's mostly to avoid penalties that may include hefty fines.

GDPR was the first formidable law designed to make Silicon Valley accountable for how it's handling user data, an example that perhaps the U.S. could follow should it somehow grow the cojones to regulate big tech companies.

On paper, GDPR is clearly a step in the right direction. But even GDPR, upon closer scrutiny, lacks the specificity necessary to threaten to tech companies’ dominance, or even prevent a data disaster like Cambridge Analytica.

Though Facebook is making the required changes for European users, it's clear that the company only cares about user data protection as much as it has to. Zuckerberg has announced plans to double its safety and security team (people in charge of moderating abuses on the platform) from 10,000 to 20,000 employees, and announced it will introduce an appeals process, where users can request reviews if their post was taken down without breaking any of Facebook's community rules.

No one reads the user agreements, so it’s easy for tech companies to include whatever is necessary to satisfy the law, but to continue to function however they please (no one is quite sure how the law will be enforced, or how strictly).

And if they continue with business as usual, they're ignoring a very real threat: once private user data lands in the wrong hands, things can go south very quickly. We've seen the results first hand: from meddling with democratic elections to furthering hate speech and prosecution of ethnic minorities.

But these seem like small solutions to much larger problems that will continue to persist.

And, frankly, why would it? As history shows, the big players like Facebook are the ones who often even profit from regulation because they have the capital to comply with the law, pushing out startups that might have presented competition.

Users, you would think, could take a stand and demand the true reform GDPR promised. But that's not happening, and perhaps we should stop demanding that from them. For all the frenzy around #deletefacebook, users aren't leaving the platform in droves (if Zuckerberg is to be believed). And those that have stayed don't seem particularly bothered to revise their privacy settings. Facebook has frequently updated these settings, introducing shortcuts and adding calls-to-action. But little has changed as a result.

If legislation benefits the companies it means to regulate, and users aren't doing much about it, where do we go from here? We've seen an emergence of open-source, decentralized social media networks popping up across the board that are trying to redefine the way we interact with social media. And their ideas are promising: rather than exploiting users, every user could benefit by getting a cut from the effort they invest in it. But people aren't joining en masse, at least, yet.

Unfortunately, it may take another big data breach, another violation of users trust in their social media platforms, to force governments to come up with a more effective solution for regulating the likes of Facebook. That is, if Facebook will still be relevant by then.