Recently, Facebook became latest US Technology Company to be criticized by a European regulator accusing of violating EU data protection rules as the social network. Academics commissioned by Belgium’s Privacy Commission said Facebook’s new data use policy and terms of service were “in violation of European law”. Facebook’s recently updated terms of service violate European laws governing the use of consumer data, according to a report commissioned by the Belgian privacy commission, even though concerns about the company’s data practices have been raised since at least 2013.The report criticizes many of Facebook’s practices, from the use of consumer data to inform third-party advertisements to the lack of easily-understood privacy controls, and says the revised terms of service merely change the language used to violate European privacy laws.
Commission alleged that Facebook integration with a large number of websites had allowed the social media giant to track both users and non-users as they browsed around the web. However, Facebook has responded to allegations by claiming the most egregious behavior discovered was a bug in their social media plugin.
Here’s what the report says about Facebook’s data collection:
Facebook combines data from an increasingly wide variety of sources (e.g., Instagram, [WhatsApp] and data brokers). By combining information from these sources, Facebook gains a deeper and more detailed profile of its users. Facebook only offers an opt-out system for its users in relation to profiling for third-party advertising purposes. The current practice does not meet the requirements for legally valid consent.
Responding to above allegations, Facebook responded:
“Facebook’s terms do not properly acknowledge the data subject rights of its users. While mention is made of certain (limited) access rights and opt-out mechanisms, Facebook does not appear to give effect to data subject rights. For example, deleting one’s profile is an “all-or-nothing” exercise and only relates to “things you have posted, such as your photos and status updates”. Though users have some options to control the visibility of their information within their networks, they are not able to prevent Facebook from further using this information for its purposes.”
Belgium’s Privacy Commission said Facebook places “too much burden” on users, making it tricky to opt out of certain features and users are also not given enough information about how the company uses their data in adverts. Facebook has directly countered this allegations by saying that users are indeed free to opt out of social ads and that the opt out carries across all devices. Facebook’s response also included descriptions of how their ads work and European audits of those practices.
The most serious allegation the Belgian researchers made was that Facebook was adding cookies to the computers of people without Facebook accounts, assigning them a unique advertising ID and collecting information about their habits. Facebook responded to this allegation admitting that it was true but not Facebook’s deeds! Their justification for this was that researchers have found a bug that may have sent cookies to some people when they weren’t on Facebook and a fix for this is already under way.
Many other accusations were placed like access to the friends list by apps, data sharing among Facebook’s various companies, and the granularity of control over user location data. Defending their side on this claims Facebook said Controlling the amount of information that Facebook stores and shares about you when you have an account is largely a function of your specific privacy options. Facebook has been trying to improve its reputation for privacy with the help of a cartoon dinosaur, launched last year to help guide users around its sometimes complex privacy settings. Whatever response or justification Facebook gives, the fact that they were tracking at least some users for some time without ever having gained their consent is troubling, and conflicts traditionally strict European privacy laws.