
Facebook use of sensitive data for advertising in Europe [pdf] - lbeziaud
https://arxiv.org/abs/1802.05030
======
lbeziaud
Abstract: _The upcoming European General Data Protection Regulation (GDPR)
prohibits the processing and exploitation of some categories of personal data
(health, political orientation, sexual preferences, religious beliefs, ethnic
origin, etc.) due to the obvious privacy risks that may be derived from a
malicious use of such type of information. These categories are referred to as
sensitive personal data. Facebook has been recently fined €1.2M in Spain for
collecting, storing and processing sensitive personal data for advertising
purposes. This paper quantifies the portion of Facebook users in the European
Union (EU) who are labeled with interests linked to sensitive personal data.
The results of our study reveal that Facebook labels 73% EU users with
sensitive interests. This corresponds to 40% of the overall EU population. We
also estimate that a malicious third-party could unveil the identity of
Facebook users that have been assigned a sensitive interest at a cost as low
as €0.015 per user. Finally, we propose and implement a web browser extension
to inform Facebook users of the sensitive interests Facebook has assigned
them._

