Facebook's Updated Privacy Policy Breaches EU Law, Belgian Study Claims; Other Countries Investigating

from the must-try-harder dept

Europeans have a rather ambivalent attitude to Facebook. On the one hand, millions of them love using it. On the other, many people are worried about the huge stores of personal information it is building up on its users -- and what it does with it. This has led to various attempts by the Austrian Max Schrems to find out what Facebook knows about him -- and to establish whether its handling of his data is compliant with EU data protection laws. Separately from those efforts, the Belgian privacy commission has been investigating Facebook's privacy policy. It asked researchers at a pair of local universities to provide an analysis. Here's what they found, as reported by the Guardian:

A report commissioned by the Belgian privacy commission has found that Facebook is acting in violation of European law, despite updating its privacy policy.

Conducted by the Centre of Interdisciplinary Law and ICT at the University of Leuven in Belgium, the report claimed that Facebook's privacy policy update in January had only expanded older policy and practices, and found that it still violates European consumer protection law.
The report runs to over 60 pages (pdf). The key findings are as follows:
To be clear: the changes introduced in 2015 weren't all that drastic. Most of Facebook's "new" policies and terms are simply old practices made more explicit. Our analysis indicates, however, that Facebook is acting in violation of European law. First, Facebook places too much burden on its users. Users are expected to navigate Facebook's complex web of settings (which include "Privacy", "Apps", "Adds", "Followers", etc.) in search of possible opt-outs. Facebook's default settings related to behavioural profiling or Social Ads, for example, are particularly problematic. Moreover, users are offered no choice whatsoever with regard to their appearance in "Sponsored Stories" or the sharing of location data. Second, users do not receive adequate information. For instance, it isn't always clear what is meant by the use of images "for advertising purposes". Will profile pictures only be used for "Sponsored Stories" and "Social Adverts", or will it go beyond that? Who are the "third party companies", "service providers" and "other partners" mentioned in Facebook's data use policy? What are the precise implications of Facebooks' extensive data gathering through third-party websites, mobile applications, as well recently acquired companies such as WhatsApp and Instagram?
Unfortunately for Facebook, this is just the start of a much wider investigation across Europe:
The Belgian Privacy Commission is also part of a European task force, which includes data protection authorities from the Netherlands, Belgium and Germany. [Leuven University's] ICRI/CIR and [Vrije Universiteit Brussel's] iMinds-SMIT will continue to support the Privacy Commission in the context of its investigation and future updates to the report will also be shared with their German and Dutch colleagues.
The Guardian notes that other European groups are scrutinizing Facebook's privacy policy:
Facebook is already being investigated by the Dutch data protection authority, which asked Facebook to delay rollout of its new privacy policy, and is being probed by the Article 29 working party formed of data regulators from individual countries across Europe, including the UK’s Information Commissioner’s Office.
Looks like Facebook has a busy few years ahead of it -- and what applies to Facebook is also likely to apply to a host of other companies that offer online services based on gathering large amounts of personal data in Europe.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: belgium, data protection, eu, privacy, privacy policy, terms of service
Companies: facebook


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Anon E. Mous (profile), 25 Feb 2015 @ 3:17am

    well no sense in breaking tradition now.

    Facebook & Privacy shouldn't even be in the same sentence considering Facebook's whole revenue is derived from mining peoples accounts and what they post, like and share.

    It has and always been about information and who will pay for it. Their is no privacy on Facebook, just the illusion of it.

    link to this | view in thread ]

  2. icon
    Gracey (profile), 25 Feb 2015 @ 3:21am

    One the one hand, does anybody that uses Facebook really expect privacy?

    On the other hand "it's about time".

    link to this | view in thread ]

  3. icon
    Ninja (profile), 25 Feb 2015 @ 4:53am

    Re:

    One the one hand, does anybody that uses Facebook really expect privacy?

    I think to a degree we should expect some privacy depending on the settings but really, you wouldn't post your schedules and life details on a sign on a public street but when you add "on the Internet" suddenly people throw common sense out of the window.

    Facebook is just one of the privacy problems out there.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 25 Feb 2015 @ 5:44am

    Now this is where "education" could solve the problem.
    -The Internet is public.
    -Even if it says it isnt, it still is.
    -Even if you made sure it isnt, the NSA can still see you.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 25 Feb 2015 @ 5:55am

    Re:

    While it is probably true for facebook, it doesn't have to be true in general, where there is no expectation of privacy if the revenue model is based on (personal) data.

    I mean, there are companies that make money to dispose of chemical waste, but we don't expect them to dunk it in the nearest body of water.

    link to this | view in thread ]

  6. identicon
    0jr, 25 Feb 2015 @ 7:06am

    zuckerbergs is mossad jew cousin of snowden and rockafellas grandson need I say more

    link to this | view in thread ]

  7. icon
    Idobek (profile), 25 Feb 2015 @ 8:15am

    Look over there!

    Question:
    What personal data has the government collected?

    Answer:
    Facebook collects huge amounts of personal data!

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.