Facebook’s privacy policy breaches European law, report finds

23.02.2015 15:37

A report commissioned by the Belgian
privacy commission has found that
Facebook is acting in violation of European
law, despite updating its privacy policy.
More on this topic
Seven things we learned from Facebook's
latest financial results
Conducted by the Centre of
Interdisciplinary Law and ICT at the
University of Leuven in Belgium, the
report claimed that Facebook’s privacy
policy update in January had only
expanded older policy and practices, and
found that it still violates European
consumer protection law.
“Facebook’s Statement of Rights and
Responsibilities (SRR) contains a number
of provisions which do not comply with the
Unfair Contract Terms Directive. These
violations were already present in 2013,
and they are set to persist in 2015,” wrote
the authors.
According to the report, Facebook’s policies
around profiling for third-party
advertising do not “meet the requirements
for legally valid consent”, while the social
network “fails to offer adequate control
mechanisms” with regard to the use of
user-generated content for commercial
purposes.“Facebook places too much burden on its
users. Users are expected to navigate
Facebook’s complex web of settings in
search of possible opt-outs,” wrote the
authors. “Facebook’s default settings
related to behavioural profiling or Social
Ads, for example, are particularly
The report also points out that there is no
way to stop Facebook from collecting
location information on users via its
smartphone app other than to stop location
access on the smartphone at the level of
the mobile operating system.
“Users are offered no choice whatsoever
with regard to their appearance in
“sponsored stories” or the sharing of
location data,” wrote the authors, stating
that “users do not receive adequate
information” to help them make informed
choices where choices are available.
The authors continue: “We argue that the
collection or use of device information
envisaged by the 2015 data use policy does
not comply with the requirements of
article 5(3) of the EU e-Privacy Directive,
which requires free and informed prior
consent before storing or accessing
information on an individual’s device.”Facebook met with Bart Tommelein, the
Belgian privacy minister, to discuss the
report. The company claims that its privacy
policy does not break Belgian data
protection laws, according to reports.
Facebook is already being investigated by
the Dutch data protection authority, which
asked Facebook to delay rollout of its new
privacy policy, and is being probed by the
Article 29 working party formed of data
regulators from individual countries across
Europe, including the UK’s Information
Commissioner’s Office.