Facebook may have to rethink how it uses personal user information to sell to advertisers, as draft European legislation will soon be heard in Europe's lower house in January.
The Sunday Telegraph reports that the European Commission, as part of changes to the upcoming Data Protection Directive, could prevent Facebook continuing how it practices data sharing with advertisers.
Facebook allegedly uses "sophisticated software" to collect information on users' activities, and makes this thought to be anonymised data available to advertisers, the report claims.
The new directive will prevent such advertising to go ahead, unless users specifically allow it.
The broadsheet newspaper claims that an investigation it undertook highlights the extent to which Facebook can "help companies to focus adverts according to the profiles of users", including data not limited to personal information.
While the Irish data protection agency continues to analyse Facebook's operational practices, particularly to see whether the social networking giant violates either Irish or European data protection laws, there is conflicting evidence to determine exactly what data Facebook collects, the activities it records, and for how long this data is retained for.
The Sunday Telegraph says that Facebook stores a wealth of data relating to searches, political beliefs, sexual preferences and other data that "can be used", but not necessarily will, for commercial purposes. Along with this, chat messages and detailed information of what users share, as well as content seemingly 'deleted' by the user, remains as part of Facebook's wealth of retained information, seemingly confirmed by 24-year-old Austrian student Max Schrems' claims.
Earlier this year, to add more concern to Facebook's 'hidden' data collection concerns, the social network's search algorithm was exposed, showing how Facebook picks out the 'most relevant' search results based on Facebook friend profile visits.
This led to confirmation that Facebook records data that users would not think of as necessarily private, but nevertheless identifiable. Though Facebook retains this data, it is thought that the social network does not serve this information to advertisers.
It is not entirely clear why the social network retains this data, if it apparently has no commercial use for it as of yet.
The Article 29 Data Protection Working Party, Europe's de-facto data protection agency, is due to meet next week to discuss among many things the Irish audit of Facebook's privacy practices.
Though most of the data Facebook collects from its users is stored in U.S. based datacenters, the social networking giant could face legal action from European authorities should it not comply with the new regulations.
Viviane Reding, vice-president of the European Commission and Commissioner for justice, fundamental rights and citizenship, said last month that the updated directive would amend current data protection laws, used by the 27 member states as foundation legislation, in a bid to protect European interests from technological advances, such as cloud computing and the rise in social networking.
The UK's data protection agency, the Information Commissioner's Office, said via a spokesperson: "If personal data is being passed on to a third party or used for targeted advertising then this should be made clear to the user when they sign up to the site and reinforced when users are invited to use an application".
But the more than 4,000 word contract set out in the terms and conditions governs how the social networking giant can use the data, which arguably gives Facebook the green light should the European directive be ratified.
Facebook continues to maintain that advertisers "do not have access to personal information".
A Facebook spokesperson denied these claims, saying: "We do not share people's names with an advertisers without a person's explicit consent, and we never sell personal information to third parties".
Facebook makes it clear that its advertising targeting is "done anonymously", without sharing personally identifiable information with advertisers.
While the system for advertisers allows adverts to be targeted at users within a certain demographic range, advertisers do not have access to metrics that identify individual users.
Facebook's advertising revenue is set to double to $3.8 billion (£2.4 billion) by the end of the year.
Update: A Facebook spokesperson refuted the claims made by the Sunday Telegraph, adding that it "misrepresents how Facebook's advertising model works". The spokesperson also said: "We do not share people's names with an advertiser without a person's explicit consent and we never sell personal information to third parties", as well as highlighting a number of flaws and inaccuracies with the Sunday Telegraph's reporting.
Though Facebook reiterates that it is "fully compliant with European law", one crucial question however remains. Asking the spokesperson: "Will Facebook will have to make changes to either its policies, privacy settings, advertising model or its practices as a result of the upcoming changes in the EU Data Protection Directive, set to be debated in the European Parliament in January 2012?"
Facebook was unable to comment further.
- Facebook, social networks, businesses ‘must adhere’ to EU law
- European ‘right-to-delete’ law: How enforceable is Facebook?
- Updated European law will close Patriot Act data access loophole
- Facebook not-so-secretly records your stalking habits
- Facebook Timeline a 'stalker's paradise': Mass exodus on the way?
- German regulators accuse Facebook of tracking users’ cancelled accounts