Facebook's Updated Privacy Policy Breaches EU Law, Belgian Study Claims; Other Countries Investigating
from the must-try-harder dept
Europeans have a rather ambivalent attitude to Facebook. On the one hand, millions of them love using it. On the other, many people are worried about the huge stores of personal information it is building up on its users — and what it does with it. This has led to various attempts by the Austrian Max Schrems to find out what Facebook knows about him — and to establish whether its handling of his data is compliant with EU data protection laws. Separately from those efforts, the Belgian privacy commission has been investigating Facebook’s privacy policy. It asked researchers at a pair of local universities to provide an analysis. Here’s what they found, as reported by the Guardian:
A report commissioned by the Belgian privacy commission has found that Facebook is acting in violation of European law, despite updating its privacy policy.
Conducted by the Centre of Interdisciplinary Law and ICT at the University of Leuven in Belgium, the report claimed that Facebook’s privacy policy update in January had only expanded older policy and practices, and found that it still violates European consumer protection law.
The report runs to over 60 pages (pdf). The key findings are as follows:
To be clear: the changes introduced in 2015 weren’t all that drastic. Most of Facebook’s “new” policies and terms are simply old practices made more explicit. Our analysis indicates, however, that Facebook is acting in violation of European law. First, Facebook places too much burden on its users. Users are expected to navigate Facebook’s complex web of settings (which include “Privacy”, “Apps”, “Adds”, “Followers”, etc.) in search of possible opt-outs. Facebook’s default settings related to behavioural profiling or Social Ads, for example, are particularly problematic. Moreover, users are offered no choice whatsoever with regard to their appearance in “Sponsored Stories” or the sharing of location data. Second, users do not receive adequate information. For instance, it isn’t always clear what is meant by the use of images “for advertising purposes”. Will profile pictures only be used for “Sponsored Stories” and “Social Adverts”, or will it go beyond that? Who are the “third party companies”, “service providers” and “other partners” mentioned in Facebook’s data use policy? What are the precise implications of Facebooks’ extensive data gathering through third-party websites, mobile applications, as well recently acquired companies such as WhatsApp and Instagram?
Unfortunately for Facebook, this is just the start of a much wider investigation across Europe:
The Belgian Privacy Commission is also part of a European task force, which includes data protection authorities from the Netherlands, Belgium and Germany. [Leuven University’s] ICRI/CIR and [Vrije Universiteit Brussel’s] iMinds-SMIT will continue to support the Privacy Commission in the context of its investigation and future updates to the report will also be shared with their German and Dutch colleagues.
The Guardian notes that other European groups are scrutinizing Facebook’s privacy policy:
Facebook is already being investigated by the Dutch data protection authority, which asked Facebook to delay rollout of its new privacy policy, and is being probed by the Article 29 working party formed of data regulators from individual countries across Europe, including the UK?s Information Commissioner?s Office.
Looks like Facebook has a busy few years ahead of it — and what applies to Facebook is also likely to apply to a host of other companies that offer online services based on gathering large amounts of personal data in Europe.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: belgium, data protection, eu, privacy, privacy policy, terms of service
Companies: facebook
Comments on “Facebook's Updated Privacy Policy Breaches EU Law, Belgian Study Claims; Other Countries Investigating”
well no sense in breaking tradition now.
Facebook & Privacy shouldn’t even be in the same sentence considering Facebook’s whole revenue is derived from mining peoples accounts and what they post, like and share.
It has and always been about information and who will pay for it. Their is no privacy on Facebook, just the illusion of it.
Re: Re:
While it is probably true for facebook, it doesn’t have to be true in general, where there is no expectation of privacy if the revenue model is based on (personal) data.
I mean, there are companies that make money to dispose of chemical waste, but we don’t expect them to dunk it in the nearest body of water.
One the one hand, does anybody that uses Facebook really expect privacy?
On the other hand “it’s about time”.
Re: Re:
One the one hand, does anybody that uses Facebook really expect privacy?
I think to a degree we should expect some privacy depending on the settings but really, you wouldn’t post your schedules and life details on a sign on a public street but when you add “on the Internet” suddenly people throw common sense out of the window.
Facebook is just one of the privacy problems out there.
Now this is where “education” could solve the problem.
-The Internet is public.
-Even if it says it isnt, it still is.
-Even if you made sure it isnt, the NSA can still see you.
zuckerbergs is mossad jew cousin of snowden and rockafellas grandson need I say more
Look over there!
Question:
What personal data has the government collected?
Answer:
Facebook collects huge amounts of personal data!