Facebook and its Irish data regulator gave conflicting signals about what caused the tech giant to postpone the European launch of its vaunted dating app. The California-based behemoth stood up a chunk of its 2.5 billion monthly users on the eve of Valentines Day by admitting that Facebook Dating would not be ready for its hyped Thursday debut in the EU.
The new feature has been trying to conquer young US hearts since September and was introduced to Asian users in Thailand in November. It began testing in Colombia in 2018. But things are more complicated in the European Union because of the bloc's beefed-up data protection rules. Brussels introduced the General Data Protection Regulation (GDPR) in 2018 to give people more control over their privacy settings, an especially sensitive issue for Facebook.
The company operates in Europe out of Dublin and is regulated by Ireland's Data Protection Commission (IDPC). Both sides rejected blame for the delay and neither could say how long it would last. The regulator said Facebook only informed it about the new product's launch on February 3. But a senior IDPC official said Facebook provided regulators with no data security assessment until they searched its Dublin office on Monday.
Facebook told AFP that it was "under no legal obligation" to inform the regulator about anything. The regulator's deputy commissioner Graham Doyle told AFP that this was technically true. But Doyle added that the IDPC had no choice but to look into the inner workings of the feature once it realised Facebook was about to make it available to millions of potential EU users.
"We were obviously going to look into this product launch," Doyle said in a telephone interview. "We followed the path we had to follow. Once Facebook came to us that late in the day, we weren't in a position to complete the assessment."
GDPR has stumped other big US media firms. The Chicago Tribune's parent company is still not GDPR compliant and the 147-year-old newspaper remains inaccessible in Europe without virtual private networks (VPNs), simple devices that mask a user's location. But Facebook cannot rely on VPNs to thrive and must work with the Irish authorities. It, therefore, needed to prove to the IDPC that it was not putting the data of its new feature's users in "high risk".
That required a Data Protection Impact Assessment, something the Irish regulator said it only procured during its search of the company's office on Monday. Facebook told AFP it had completed the assessment "well in advance" and shared it with the regulator "when they asked for it". The IDPC submitted a list of questions to Facebook about its assessment on Tuesday.
Yet it had already become apparent that Facebook would not be able to answer everything by Thursday and the IDPC announced the delay on its website on Wednesday. It remains unclear why Facebook waited until the start of February to inform the IDPC about the launch. Facebook said it gave the IDPC two weeks' notice and not 10 days.
The regulator said it would have simply had to request the exact same data assessment from Facebook if it had launched the app without any notification at all. Facebook told AFP that it informed the IDPC about the feature in advance "as a courtesy".