Objectives of “europe-v-facebook.org”
Are EU Data Protection Laws enforceable in Practice? This may be the main question that europe-v-facebook.org is now about. The right to data protection is a fundamental right in the European Union, but at the same time very little companies respect it. Facebook is just one of many that have a bad reputation when it comes to the handling of users’ data.
So the question arises if users are just too lazy to do something about it, or if the laws are in practice unenforceable?
We unintentionally landed in the middle of a big experiment after filing 22 complaints against Facebook in Ireland, because of breaches of the most basic privacy rules. We happened to look at Facebook for a number of reasons, but the results are very likely exemplary for a whole industry.
You can follow our journey and the under “Legal Procedure”.
While it is clear by now, that no normal citizen is able to follow through with such a proceeding, we are still working to get our final decision today. We want to know if our fundamental rights are respected and enforced against tech giants like Facebook, or if our rights are only existing on the paper.
Transparency. It is almost impossible for the user to really know what happens to his or her personal data when using Facebook. For example “removed” content is not really deleted by Facebook and it is often unclear what Facebook exactly does with our data. Users have to deal with vague and contradictory privacy policies and cannot fully estimate the consequences of using Facebook.
A company that constantly asks its costumers to be as transparent as possible should be equally transparent when it comes to the use of its costumers personal data. Transparency is not only a question of fairness but it is also a principle of European data protection law. It is time that the biggest social network worldwide sticks to these legal principles.
You can take a first step for more transparency on facebook by requesting a full copy of all your personal data (further information see “request your data!”).
Opt-in instead of Opt-out. Facebook often claims that all users have consented to the use of their personal data. But in reality facebook users know that facebook is more of an “opt-out”-system: If you do not change all the preset privacy settings most personal data will be visible without restrictions. Users that do not want this have to struggle with endless buttons and settings. This oftentimes means that the more privacy a user wants, the more clicks and the more care for every detail is necessary. Older or inexperienced users may not even be able to do so. New functionalities are activated automatically without proper information of the users.
Again the European privacy laws clearly state: The user has to unambiguously consent to any use of its data, after being properly informed about the specific form of use.
Some of your Complaints at the Irish Data Protection Commissioner are targeting at changing facebook to a real opt-in platform (more about our Legal Procedure).
Decide yourself. There are people that do not want to share too much information online. But facebook found a way to get their personal data too: Facebook is encouraging other users to deliver their data.
Examples of this practice is the possibility of synchronizing mobile phones, importing e-mail addresses or by “tagging” other users in photos, videos or even at certain locations.
By allowing this, facebook is ignoring another principle of European data protection law: Only the individual user can consent to the use of his or her data. It is not sufficient that some other user think that they can tag you in an embarrassing picture or send other people’s e-mails to facebook. Other social networks have solved this problem and do not process the data until the individual user has agreed to the use of the specific data.
Some of our Complaints at the Irish Data Protection Commissioner are targeting this problem (more about our Legal Procedure).
Data Minimization. Have you ever looked at your facebook wall all the way to the end? How much information have you collected that is useless (to you)?
Facebook offers no sufficient way of deleting old junk data. Every inconsiderate comment, every invitation to an event (e.g. a demonstration) and every “like” is recorded for an indefinite amount of time.
But facebook does more than that: Even removed tags, friends or messages are kept in facebook’s systems (see data sets here). Even if you delete your whole account, facebook will keep some of this personal data (the specific amount is unclear).
This practice is contrary to the principle of data minimization. It is about time to think about the final disposal personal data that was shared on facebook.
Many of our Complaints at the Irish Data Protection Commissioner are targeting the problem of unlimited storing of personal data by facebook (more about our Legal Procedure).
Open Social Networks. Today Facebook is a monopoly. Because Facebook drained the users from all other networks there is no realistic choice to chose an other provider. The failed Google+ experiment shows that not even Google was able to provide for an alternative in the market. This is typical for a “closed system”: Like a black hole Facebook managed to get more and more users until there was a point where everyone had to join because all of their friends moved to Facebook. Today Facebook is in a position where they can more or less do whatever they wand without serious consequences. There is no free market for social networks anymore.
We think that an open standard for social networks would be the key to change this situation. Like with your e-mail you should be able to choose your provider and still be able to communicate with your friends that made another choice. This would mean that the market for social networks would be open to new business models or even non-profit concepts that would bring us innovation an choice. Different groups have already or are currently working on such solutions (see e.g. W3C).
We think that a broad implementation could only be done by a law on a European level that forces providers to implement an open interface into their platforms. This would be in line with many other European regulations that opened up closed networks (e.g. telephone, rail, electricity or gas). Providers with better products or better privacy controls would quickly be a serious risk for Facebook’s profits and would provide for platforms that center around the users.