Government Facebook pages pose privacy risks, according to ministry

Facebook does not make sufficiently clear what it does with citizens’ data on government pages. It is also unclear how the platform determines which posts users see in their news feed. This emerged Friday from research commissioned by the Dutch Ministry of Internal Affairs.

The Dutch Privacy Company assessed in a so-called Data Protection Impact Assessment (DPIA) whether there are privacy risks for citizens in data processing on government pages on Facebook. For example, the researchers looked at the risk in the use of cookies. They also looked at whether citizens are adequately informed about how Facebook processes their data.

The researchers found seven high risk and one low risk. Among other things, Facebook does not make sufficiently clear what it does with citizens’ data on government pages. Nor is it clear how the platform determines which posts visitors see in their news feed.

Facebook presents an incomplete cookie policy

Privacy Company also concludes that Facebook uses cookies in a misleading way. The platform collects data about users’ behavior, but then does not provide sufficient insight into what happens to that data. For example, the company uses it to show personalized messages and ads. There are also concerns about the transfer of personal data to third parties.

The ministry says it is in talks with Facebook parent company Meta as a result of the investigation. “If the risks are insufficiently removed, there is no other option than to stop the use of Facebook pages by the government,” writes State Secretary Alexandra van Huffelen (Digitalization).

A spokesperson for Meta commented that in the platform’s view, Facebook pages comply with the AVG, the Dutch version of the GDPR. “This report is inaccurate and does not properly reflect how our policies and tools work. Additionally, the report misinterprets important aspects of the law.” The company says it remains in talks with the government.