Many MEPs celebrated in the European Parliament’s hemicycle in Strasbourg in the end of February. They had just flexed their muscles and voted down, on grounds of lack of data protection guarantees, the SWIFT agreement that would allow EU members to share details on European banking transactions with the US authorities. At the same time, the news appeared on the EP’s Facebook profile – yet the social network is being accused of a cavalier approach to personal data protection.
It is no secret that Facebook has been racing ahead recently, leaving other social networks in its trail. As long as Facebook offered its network in English only, national networking sites, such as Skyrock in France or StudiVZ in Germany fared pretty well. But with translation of Facebook pages into other languages, the language barrier disappeared, and the American company really started growing.
Unfair advantage?
Bosses of European social networking sites have their own explanations for the Facebook success. Although they admit the Americans may have a better product, the chief of StudiVZ Clemens Riedl recently told the Financial Times that his company was not able to compete with Facebook on a level playing field: “Most things Facebook does are illegal under German law,” he said, refering to the fact that Facebook can share some user data with advertisers, while German competitors are bound by stricter data protection laws.
“Most things Facebook does are illegal under German law,” says boss of leading German networking site StudiVZ.
This makes Facebook a more attractive advertising platform, a huge advantage in times when advertisers are increasingly picky about how much bang they are getting for their buck. Advertising is a single biggest revenue source for most social networks.
Not up to the standard
How exactly does Facebook address EU data protection laws? The answer is found in the so-called safe harbour agreement between the US and the European Union. When the EU data protection directive entered into force in 1998, this presented a conundrum for American companies that, in the course of their business, deal with personal data of European citizens. EU laws specify that the transfer of personal data from the EU to countries that don’t meet the EU data protection requirements is prohibited – and the US data protection laws are not deemed to be up to European standards.
Safe harbour agreements allow those American companies that subscribe to more stringent data protection practices and thus comply with EU requirements to do business in the EU without fearing lawsuits or other business problems.
Wait a minute …
However, according to a 2008 study by Galexia, an independent consultancy specializing in privacy and electronic commerce, the fact that a US company is included on the safe harbour list does not necessarily mean that it treats personal data of European citizens it has in its posession in a manner mandated by European laws.
If true, the results of the study are quite shocking: of 1,597 entries on the list, only 348 organisations satisfied the requirements of the safe harbour network.
German Consumer Protection Minister Ilse Aigner threatened to delete her Facebook profile, if the social networking website does enhance the ways it deal with personal data.
Germans weigh in
The finding that the presence of a company’s name on the safe harbour list might allow US firms to treat EU citizens’ personal data without due consideration of European laws has not been lost on German data protection offices. This month, spurred by the Galexia study, they will debate the ways of how to put things right with regard to perceived violations by US companies of EU data protection laws.
The names of Facebook and Google have been bandied about to show that regulators mean business. In addition, a letter of German Consumer Protection Minister Ilse Aigner to Facebook’s founder Mark Zuckerberg, threatening to delete her Facebook profile, if the social networking website does not mend its data protection ways, leaves no doubt about the fact that a regulatory backlash is in the making.
Let’s just hope it does not land in another safe harbour.
I think Facebook is a great innovation. In my opinion it creates economic, customer and social value.
Credit cards and internet banking are also great innovations but I’m not going to go around sharing my account details with everyone and I don’t expect my bank to do that either. That’s common sense.
So, why can’t we just apply the same rules to Facebook as we do to banks? We can also take responsibility to keep our facebook networks private in the same way we do with our shared bank accounts?
Are the rules different in this case?
RT @craigrcarpenter: RT@EUdiscovery "Most things Facebook does are illegal under German Law." see: http://bit.ly/91l5TH #privacy #EU
RT@EUdiscovery "Most things Facebook does are illegal under German Law." see: http://bit.ly/91l5TH #privacy #EU
RT @EUdiscovery: "Most things Facebook does are illegal under German Law." see: http://bit.ly/91l5TH #privacy #EU
RT @lsptrainer: RT @EUdiscovery: "Most things Facebook does are illegal under German Law." see: http://bit.ly/91l5TH #privacy #EU
RT @EUdiscovery: "Most things Facebook does are illegal under German Law." see: http://bit.ly/91l5TH #privacy #EU
If you throw out SWIFT, why not ban Facebook? http://bit.ly/91l5TH #privacy #EU
If you throw out SWIFT, why not ban Facebook? http://bit.ly/91l5TH #privacy #EU
"Most things Facebook does are illegal under German Law." see: http://bit.ly/91l5TH #privacy #EU
Hmm. The USA "Safe Harbour" gives no assurance of privacy with no auditing, no penalty http://bit.ly/bWwg8W http://bit.ly/aTAWVP #DPA #fail
If you throw out SWIFT, why not ban Facebook? asks Marko on team's blog. http://bit.ly/9GfJ7z
First, a little glitch, sweet and fun – the quote of Ilse Aigner currently says “German Consumer Protection Minister Ilse Aigner threatened to delete her Facebook profile, if the social networking website does enhance the ways it deal with personal data.”
Now, personally, I wouldn’t put it beyond any member of the current German government to leave Facebook if they did improve their data policies, but the threat in Aigner’s open letter was to delete her profile if they do *not* enhance teir dealing with personal data.
Second, I really wonder what it takes? Facebook’s data policies were already outreagously invading and disempowering much earlier. I left the network in early 2008, and back then their privacy policy contained this bit, for example:
Context and Background | <a href="http://www.nonformality.org/2008/01/so-long-facebook/"So long Facebook on Nonformality
Since then, it has only gotten worse. At the same time, I know of several attempts to build independent, responsible, non-profit social networks for users of the youth programmes – which have, so far, been refused funding with the argument that Facebook is already there anyway.
When will we learn that we need to take control of our own data? And Parliamentarians should be at the forefront of that movement, rather than rushing to make their own profile.