Following a meeting on Monday with representatives of the social networking giant, a group of students plan to continue voicing their concerns over Facebook’s handling of privacy matters with the Irish Data Protection Commissioner (DPC).
The Irish Data Protection Commissioner, Billy Hawkes, first appeared in the media when a full audit was completed of Facebook’s non-U.S. operations last year. The review resulted in over a dozen privacy changes designed to benefit the user, of which Facebook agreed to.
Facebook was asked to stop its practice of holding vast amounts of user data on an indefinite basis, and complete a number of alterations which would extend the control users have over how their information is used. This was agreed to be implemented within six months.
The students, who form the group ‘Europe v. Facebook‘, have filed a total of 22 complaints with the Irish DPC concerning their privacy rights and data use.
After Facebook agreed to meet with the group, a six-hour meeting took place in Vienna’s airport. The representatives of the social networking giant were Richard Allen, Director of Policy EMEA, and an unnamed representative of the United States policy team. Max Schrems, a 24 year-old law student and another student from the University of Vienna represented the Europe v. Facebook group.
The Europe v. Facebook have four main objectives in relation to privacy concerns:
- Greater transparency in how user data is used;
- Opt-in instead of Opt-out policies concerning personal data;
- Greater control over what data is shared (for example, tagging a photo without the individual’s consent);
- Data minimization — better methods to irrevocably delete your data.
According to the statement released by the group (.pdf), the meeting allowed the students to clarify the views of Facebook in terms of European data protection legislation. However, the students also stated that:
“We are even more confident that Facebook is in many ways re-interpreting that law in ways that are not stringent or compliant with the case law by the European Court of Justice.”
The group demonstrated concern that European data protection legislation often comes in to conflict with Facebook’s current policies when a user has expressed ‘assumed consent’ over a process by not opting-out or prohibiting it.
The social networking giant’s representatives said that Facebook is still ‘on the journey’ to fully comply with European laws — one example being the recent issue of images uploaded online still remaining on company servers after deletion. According to the students, Facebook plans to alter worldwide privacy policies in order to comply with data protection rulings.
Europe v. Facebook will be publishing a ‘detailed protocol’ on the arguments that were exchanged at the meeting, and what the next steps are to be taken for the sake of transparency. Facebook has agreed to research particular issues raised in the meeting and forward on their data to the students. The group plans to ask the Irish DPC for a formal ruling if any issues remain unresolved.
Related:
