Facebook's Updated Privacy Policy Breaches EU Law, Belgian Study Claims; Other Countries Investigating

from the must-try-harder dept

Europeans have a rather ambivalent attitude to Facebook. On the one hand, millions of them love using it. On the other, many people are worried about the huge stores of personal information it is building up on its users -- and what it does with it. This has led to various attempts by the Austrian Max Schrems to find out what Facebook knows about him -- and to establish whether its handling of his data is compliant with EU data protection laws. Separately from those efforts, the Belgian privacy commission has been investigating Facebook's privacy policy. It asked researchers at a pair of local universities to provide an analysis. Here's what they found, as reported by the Guardian:

A report commissioned by the Belgian privacy commission has found that Facebook is acting in violation of European law, despite updating its privacy policy.

Conducted by the Centre of Interdisciplinary Law and ICT at the University of Leuven in Belgium, the report claimed that Facebook's privacy policy update in January had only expanded older policy and practices, and found that it still violates European consumer protection law.
The report runs to over 60 pages (pdf). The key findings are as follows:
To be clear: the changes introduced in 2015 weren't all that drastic. Most of Facebook's "new" policies and terms are simply old practices made more explicit. Our analysis indicates, however, that Facebook is acting in violation of European law. First, Facebook places too much burden on its users. Users are expected to navigate Facebook's complex web of settings (which include "Privacy", "Apps", "Adds", "Followers", etc.) in search of possible opt-outs. Facebook's default settings related to behavioural profiling or Social Ads, for example, are particularly problematic. Moreover, users are offered no choice whatsoever with regard to their appearance in "Sponsored Stories" or the sharing of location data. Second, users do not receive adequate information. For instance, it isn't always clear what is meant by the use of images "for advertising purposes". Will profile pictures only be used for "Sponsored Stories" and "Social Adverts", or will it go beyond that? Who are the "third party companies", "service providers" and "other partners" mentioned in Facebook's data use policy? What are the precise implications of Facebooks' extensive data gathering through third-party websites, mobile applications, as well recently acquired companies such as WhatsApp and Instagram?
Unfortunately for Facebook, this is just the start of a much wider investigation across Europe:
The Belgian Privacy Commission is also part of a European task force, which includes data protection authorities from the Netherlands, Belgium and Germany. [Leuven University's] ICRI/CIR and [Vrije Universiteit Brussel's] iMinds-SMIT will continue to support the Privacy Commission in the context of its investigation and future updates to the report will also be shared with their German and Dutch colleagues.
The Guardian notes that other European groups are scrutinizing Facebook's privacy policy:
Facebook is already being investigated by the Dutch data protection authority, which asked Facebook to delay rollout of its new privacy policy, and is being probed by the Article 29 working party formed of data regulators from individual countries across Europe, including the UK’s Information Commissioner’s Office.
Looks like Facebook has a busy few years ahead of it -- and what applies to Facebook is also likely to apply to a host of other companies that offer online services based on gathering large amounts of personal data in Europe.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Anon E. Mous (profile), 25 Feb 2015 @ 3:17am

    well no sense in breaking tradition now.

    Facebook & Privacy shouldn't even be in the same sentence considering Facebook's whole revenue is derived from mining peoples accounts and what they post, like and share.

    It has and always been about information and who will pay for it. Their is no privacy on Facebook, just the illusion of it.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Feb 2015 @ 5:55am

      Re:

      While it is probably true for facebook, it doesn't have to be true in general, where there is no expectation of privacy if the revenue model is based on (personal) data.

      I mean, there are companies that make money to dispose of chemical waste, but we don't expect them to dunk it in the nearest body of water.

      reply to this | link to this | view in chronology ]

  • icon
    Gracey (profile), 25 Feb 2015 @ 3:21am

    One the one hand, does anybody that uses Facebook really expect privacy?

    On the other hand "it's about time".

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 25 Feb 2015 @ 4:53am

      Re:

      One the one hand, does anybody that uses Facebook really expect privacy?

      I think to a degree we should expect some privacy depending on the settings but really, you wouldn't post your schedules and life details on a sign on a public street but when you add "on the Internet" suddenly people throw common sense out of the window.

      Facebook is just one of the privacy problems out there.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Feb 2015 @ 5:44am

    Now this is where "education" could solve the problem.
    -The Internet is public.
    -Even if it says it isnt, it still is.
    -Even if you made sure it isnt, the NSA can still see you.

    reply to this | link to this | view in chronology ]

  • identicon
    0jr, 25 Feb 2015 @ 7:06am

    zuckerbergs is mossad jew cousin of snowden and rockafellas grandson need I say more

    reply to this | link to this | view in chronology ]

  • icon
    Idobek (profile), 25 Feb 2015 @ 8:15am

    Look over there!

    Question:
    What personal data has the government collected?

    Answer:
    Facebook collects huge amounts of personal data!

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Caution: Copyright
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.