Data dilemma: Facebook and new EU rules show need for local strategy

When Brad Dwyer founded Hatchlings Inc. in an Iowa State University dorm room in 2008, he couldn’t have predicted what the social media landscape would become.

Dwyer’s mobile games company requires a few basic permissions for users to play using Facebook’s API (application programming interface): Hatchlings needs a user’s name, email address and Facebook social graph, which is the list of friends also playing Hatchlings games.

It takes more sensitive data to open a department store credit card, and yet today, businesses like Hatchlings are watching two tectonic shifts in the digital landscape.

First, Facebook suffered massive media fallout after news in March that third-party service Cambridge Analytica purchased user data from a rule-abiding personality profile application. The user data was then sold to President Donald Trump’s campaign team in the 2016 election cycle.

“The biggest change for us is that all of our apps are going to have to be re-reviewed by Facebook for all the permissions that we get,” Dwyer said. “We’ll have to submit a screen recording of where we use your friends list and why we need that permission.”

Hatchlings had previously released a game that allowed mobile users to play without using Facebook as an identifier, which stored data in the user’s device rather than the cloud. The company did see users make the switch to a Facebook-free version, rather than using the Facebook login.

“I can’t imagine why you would want to build a Facebook application and not have the social data,” Dwyer said. “At least them having a record of how each app says that they’re using the data probably will be helpful in the future.”

Meanwhile, the second shift occurred. Data privacy laws pushed by the European Union hummed in the background of the U.S. media cycle — until the days leading up to May 25, when the EU’s General Data Protection Regulation (GDPR) officially became law, affecting everyone from Facebook itself to the small-scale online businesses.

Hatchlings Inc. has two mobile apps on the market, Hatchlings and Puzzlings. The majority of Hatchlings’ users are in the U.S., Canada, Australia and the United Kingdom — which, while still in the EU, is undergoing the so-called Brexit from the international union.

Hatchlings has already written a script to comply with the GDPR’s “right to be forgotten” regulation, and has permanently deleted data from one user who submitted a request, Dwyer said. The company, which gains most revenue from subscriptions and in-app purchases, is also reconsidering whether to continue allowing advertising within the apps.

“We don’t sell our customers’ data or anything like that. Just being cognizant that if people request to delete their data, we have a way of doing that,” Dwyer said.

“We’re mostly just following the lead of other, bigger companies and trying to see how everything shakes out,” he added.

For the full story – including what to know about the GDPR, and what local business leaders are saying – view the Business Record story here