Privacy: Europeans open the Facebook files
24 October 2011
The Irish Times
Is Facebook too curious about its users’ data? A series of complaints initiated by an Austrian law student have led to a data protection audit in Ireland, where the social networking site’s European HQ is based.
Heralded in the German-speaking press as a David-versus-Goliath struggle, what started off as a university paper by an Austrian law student has become an Irish privacy challenge against Facebook that could affect up to 600 million users across Europe.
The complaints against Facebook have their origin in a request made under European law by Max Schrems, a 24-year-old Austrian law student, for access to the data Facebook holds on him. He eventually received a CD containing 1,222 pages of information that the social network retained about him.
Within his personal file he found certain information that unsettled him. Posts, pokes, messages and friends he knew he’d deleted still showed up in his data. Personal chat or instant messages, some of which contained personal information about him and his friends, were there too.
He was also concerned that other types of data were missing. For example, there was no background information on his use of the “like” button, which allows users to link other sites to their Facebook pages. Nor were there any details of how his image was processed in recently introduced face-recognition data.
"A cool technology"
So Schrems and some friends set up Europe-v-Facebook, an online campaign that is seeking to clarify what it believes are serious privacy issues for Facebook users. The group set out 22 complaints, which it subsequently sent to the Irish Data Protection Commissioner. Because Facebook’s European headquarters are in Dublin, the Irish agency has jurisdiction over the social network’s users outside the US and Canada.
Among the complaints are allegations that Facebook is creating shadow profiles about users and non-users; that direct communications, including chat messages, show up after they have been deleted; and that Facebook is involved in “excessive processing” of data.
Schrems says that this data storage is potentially dangerous. He fears that Facebook, like so many companies before it, will be the target of attempted privacy breaches or that bits of apparently innocuous information will grow into easily searchable life archives with the potential to be misused by government, secret services or others.
His goal, Schrems says, is transparency, something he feels that Facebook preaches but does not practise. Companies dealing with huge amounts of personal data must comply fully with privacy laws, he says, especially when one considers that more than 800 million people use Facebook. “We’re not trying to kill Facebook . . . I’m still a Facebook user,” Schrems says. “I think it’s a cool technology.”
Europe-v-Facebook has already mobilised users. Since the campaign was launched, in August, Facebook has been inundated with requests from thousands of users seeking access to their own data. Previously, the social network received only a handful of such requests each week.
The audit comes at a time when online companies in a number of jurisdictions, including the EU and the US, are increasingly coming under official scrutiny. In March Viviane Reding, the EU Commissioner for Justice, said that companies operating in Europe were bound by EU rules. In August the German state of Schleswig-Holstein ordered state institutions to remove the “like” button from their websites after its data-protection commissioner, Thilo Weichert, ruled that it could lead to profiling that contravenes German and European law. Facial-recognition technology has also concerns some data-protection agencies in the UK and Germany.
In the fast-developing online world, governments and consumers are often playing catch-up. In Market Insight: Social Media Privacy Strategies, a study published earlier this year by the technology research company Gartner, research director Brian Blau notes that “social-media technology development has leapt ahead of consumers’ insight into protecting their online data, and this gap is being exploited by social-media providers, which are pushing the boundaries of what types of data access consumers will tolerate”.
Nowadays, Blau adds, social media – through social networking, blogs, forums and location-based services – have unprecedented access to the increasing amount of information that people are sharing online. When collected and analysed, this data gives “deep insights into individuals, their location, their likes and dislikes, their personal habits and who they interact with”.
With the announcement of the Facebook Timeline, it would appear that the amount of information Facebook users share is going to grow again. Mark Zuckerberg’s online scrapbook invites users to paint a chronological picture of their lives online, and to add details retrospectively to fill it out.