Facebook's Updated Privacy Policy Breaches EU Law, Belgian Study Claims; Other Countries Investigating

from the must-try-harder dept

Europeans have a rather ambivalent attitude to Facebook. On the one hand, millions of them love using it. On the other, many people are worried about the huge stores of personal information it is building up on its users — and what it does with it. This has led to various attempts by the Austrian Max Schrems to find out what Facebook knows about him — and to establish whether its handling of his data is compliant with EU data protection laws. Separately from those efforts, the Belgian privacy commission has been investigating Facebook’s privacy policy. It asked researchers at a pair of local universities to provide an analysis. Here’s what they found, as reported by the Guardian:

A report commissioned by the Belgian privacy commission has found that Facebook is acting in violation of European law, despite updating its privacy policy.

Conducted by the Centre of Interdisciplinary Law and ICT at the University of Leuven in Belgium, the report claimed that Facebook’s privacy policy update in January had only expanded older policy and practices, and found that it still violates European consumer protection law.

The report runs to over 60 pages (pdf). The key findings are as follows:

To be clear: the changes introduced in 2015 weren’t all that drastic. Most of Facebook’s “new” policies and terms are simply old practices made more explicit. Our analysis indicates, however, that Facebook is acting in violation of European law. First, Facebook places too much burden on its users. Users are expected to navigate Facebook’s complex web of settings (which include “Privacy”, “Apps”, “Adds”, “Followers”, etc.) in search of possible opt-outs. Facebook’s default settings related to behavioural profiling or Social Ads, for example, are particularly problematic. Moreover, users are offered no choice whatsoever with regard to their appearance in “Sponsored Stories” or the sharing of location data. Second, users do not receive adequate information. For instance, it isn’t always clear what is meant by the use of images “for advertising purposes”. Will profile pictures only be used for “Sponsored Stories” and “Social Adverts”, or will it go beyond that? Who are the “third party companies”, “service providers” and “other partners” mentioned in Facebook’s data use policy? What are the precise implications of Facebooks’ extensive data gathering through third-party websites, mobile applications, as well recently acquired companies such as WhatsApp and Instagram?

Unfortunately for Facebook, this is just the start of a much wider investigation across Europe:

The Belgian Privacy Commission is also part of a European task force, which includes data protection authorities from the Netherlands, Belgium and Germany. [Leuven University’s] ICRI/CIR and [Vrije Universiteit Brussel’s] iMinds-SMIT will continue to support the Privacy Commission in the context of its investigation and future updates to the report will also be shared with their German and Dutch colleagues.

The Guardian notes that other European groups are scrutinizing Facebook’s privacy policy:

Facebook is already being investigated by the Dutch data protection authority, which asked Facebook to delay rollout of its new privacy policy, and is being probed by the Article 29 working party formed of data regulators from individual countries across Europe, including the UK?s Information Commissioner?s Office.

Looks like Facebook has a busy few years ahead of it — and what applies to Facebook is also likely to apply to a host of other companies that offer online services based on gathering large amounts of personal data in Europe.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , , , ,
Companies: facebook

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Facebook's Updated Privacy Policy Breaches EU Law, Belgian Study Claims; Other Countries Investigating”

Subscribe: RSS Leave a comment
Anon E. Mous (profile) says:

well no sense in breaking tradition now.

Facebook & Privacy shouldn’t even be in the same sentence considering Facebook’s whole revenue is derived from mining peoples accounts and what they post, like and share.

It has and always been about information and who will pay for it. Their is no privacy on Facebook, just the illusion of it.

Ninja (profile) says:

Re: Re:

One the one hand, does anybody that uses Facebook really expect privacy?

I think to a degree we should expect some privacy depending on the settings but really, you wouldn’t post your schedules and life details on a sign on a public street but when you add “on the Internet” suddenly people throw common sense out of the window.

Facebook is just one of the privacy problems out there.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...