Facebook rebuked by EU privacy platform; Patriot Act a 'distraction'?

Facebook rebuked by EU privacy platform; Patriot Act a 'distraction'?

Summary: Facebook received words of warning about privacy and data protection at a European Parliament privacy conference in Brussels today.


BRUSSELS -- The European Parliament's Privacy Platform met today to discuss a wide range of transatlantic data protection matters, which have yet to be resolved.

With representatives from Facebook, along with Microsoft's former privacy chief, privacy groups and advocates met from across Europe to discuss the ongoing negotiations between Europe and the United States on data transfer rules.

Facebook spokesperson Richard Allan said Facebook operates under Safe Harbor rules, and that "all European users are with Facebook Ireland and protected under data protection laws".

However, Facebook Ireland, where European's data is stored, has a relationship with Facebook Inc. based in the United States, to allow "data processing in the United States".

Allan told members of the Privacy Platform that Facebook is not just a place to enjoy, but a business model ready for developers and entrepreneurs to take advantage of. For many, it has built lives, not just maintained friendships.

Facebook's spokesperson went on to describe how Safe Harbor -- a transatlantic agreement to ensure European data remains safe and secure by European standards while in the United States -- is "very important" for businesses wanting to operate "safely, securely and fairly."

The discussion was interrupted by former Microsoft privacy chief Caspar Bowden, who claimed that Facebook was not as open as it said it was.

Bowden described how a subject access request -- a Europe-wide information gathering tool, designed to be used by end-users and ordinary citizens to see what data a company, public or private, has on them -- was flat-out denied by Facebook.

Describing the lengthy process, ultimately reaching the European Commission itself, even they could not satisfy the request. Facebook "respectfully" asked to be put in contact as so that the request could be met. But in front of an audience of at least 200, Facebook did not come off as well as it could have.

Patriot Act a 'distraction'

Sophie in 't Veld, Dutch MEP and vice-chair of the European Parliament's civil liberties and justice committee, had asked the European Commission, Europe's upper house, for clarification in questions regarding data jurisdiction put forward last week.

Francoise Le Bail, representing the Commission said that "political negotiations" were still underway, as British MEP Baroness Ludford championed the jurisdiction question as something "very important to cover" and "discussion needs to start".

Le Bail noted that the "key thing" is that the U.S. cannot impose its own law on data held in the European Union, stating that "normal channels through the relevant authorities" have to be met.

Though the Patriot Act can be used to access data held in European countries and further afield, and Microsoft earlier this year admitted that it would hand over data, there is no proof that data has in fact been handed over. While the theory exists, and has been proved by general law consensus, questions remain as to how many Patriot Act requests have been submitted to the major web companies: Facebook, Microsoft and Google.

Yet Bowden pointed out is that "the Patriot Act has become a distraction" against the "real threat to European data".

While Patriot Act requests have some level of accountability, albeit often through one courtroom judge, warrants "must all but always be served". Bowden went on to describe a clause of the Foreign Intelligence Surveillance Act (2008 Amendment), pointing to 1881(a): "Procedures for targeting certain persons outside the United States..."

Describing how the wording specifically describes "remote computing services" -- in modern day terms, cloud computing -- the FISA (2008) Amendment, as described by Bowden, is a targeted, unwarranted tool to access cloud computing documents, files and content held by foreign nationals outside the United States.

Though major issues were considered, from cloud data jurisdiction to personal privacy and data control, in 't Veld admitted that this was only the beginning of a long haul, and that data protection laws were "only as strong as the weakest link"; while, Bowden described the "wilderness of mirrors" that both contents either side of the Atlantic have to contend with.


Topics: Government US, Data Centers, Data Management, Government, Legal, Storage, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Not true.

    <i>"While Patriot Act requests have some level of accountability, albeit often through one courtroom judge, warrants ?must all but always be served?.</i>

    Acts of 'terrorism' are not covered by warrants.

    In fact, the Writ of Habeus Corpus was and still remains suspended as a provision of the Patriot Act.

    That means, the U.S. Government can 'hold' anyone indefinitely.

    Midnight Express anyone? Americanish?

    Dietrich T. Schmitz *Your
  • Yep, pretty much sums it up

    Veld' Chicken Little performance is a distraction. 10 years from now we are going to look back and state "Remember when some people got all hot and bothered over the Patriot Act for no good reason?"
    Your Non Advocate
  • RE: Facebook rebuked by EU privacy platform; Patriot Act a 'distraction'?

    For Facebook world govt's are testy subjects when dealing together. Of course facebook envy's to some point world gov't with the amount of control they have over its people. Facebook goal one day is work directly with nationalized govt's to be a sort of nation ID identifier. They will track you and keep updated information on yourself. So in fact they will be the new standard of a future Patriot Act. Sites that DON'T use real names or emails are the future. No personal identifiers are not needed to social network properly. & ONLYMEWORLD.COM is proving it!!! Try it out for yourself, the new standard in social networking.
  • RE: Facebook rebuked by EU privacy platform; Patriot Act a 'distraction'?

    The real issues today people have about privacy is the amount of information social networking sites are collecting about its users, the way this information is being collected, and how this information is being used. With all this information social networking sites today have about its users, add a real name, add an email, and add facial recognition, not only do people loose their privacy, they also expose themselves to cyber crimes, and predatory advertising & manipulation, etc.,

    Regardless of what sites today promise regarding security, any site can be hacked(An example would governments, banks, and law enforcement agencies who have so called state of the art security systems). Social networking sites such as Google+ & Facebook are open door gold mines for cyber criminals. The obvious solution to address these problems involving privacy, anonymity, and cyber crime is simple, no real names, no emails. You don?t need a real name and an email address to social network effectively yet with some anonymity, you need this information to sell to advertisers & companies, you also need this information to sell someday to private interest, governments, companies, etc.,

    Although only 60% complete and still in Beta, ONLYMEWORLD early on seems to realize that respecting its users Privacy Rights, Anonymity, and protection from Cyber Crime, is paramount to both longevity & success in the industry. Their platform is similiar to Facebook, Google+, Twitter, and Linkedin, yet differ because of their approach to Privacy Rights, Anonymity, and protection from Cyber Crime by not asking for real names, emails addresses, and not engaging in facial recognition, etc. People again are able to social network with some anonymity & privacy, yet effectively!
    Carlson Yamamoto
  • US Patriot Act provisions are violations of laws of other countries

    Why does the US government think they have the right to impose their laws on people who are not their citizens and not in their country? How will they react if a US based company surrenders information on a server they have in another country, only to be sued for millions for breach of privacy in the other country?

    These are some issues that should be addressed as well. I bet they won't as it means attacking parts of the Patriot Act head on and I doubt the EU has the balls to take on the US that hard.
    Deadly Ernest