Student privacy campaigners plan to sue over Facebook

Campaigners europe-v-facebook are planning legal action concerning Facebook in Ireland over the social network's adherence to privacy and data protection.

The Austrian privacy campaign group said Tuesday that changes and concessions made by the social networking giant do not go far enough, even after a year of campaigns -- and so plan to take on the Irish DPA.

Europe-v-facebook most notably won a petition to force Facebook to turn off its facial recognition feature in Europe. In addition, due to the campaigner's complaints, Facebook now has to limit retention periods for certain data sets, and the firm must also disclose more information on how much data it holds for individual users.

However, after numerous complaints to the Irish Data Protection Commissioner, privacy regulations are still "miles away from other European data protection authorities in its understanding of the law," and "Facebook gave the authority the runaround," the group said in a statement.

The group subsequently published a 70-page response (.pdf) to the Irish audit, dubbed a "counter report" which details all alleged violations of European law after a request from the Irish Data Protection Commissioner. Max Schrems, speaker for europe-v-facebook, said that the report discovered the Irish authority has "not always delivered accurate and correct results," and the group wonder if "blind trust" of the tech giant may have impeded the original audit.

Schrems noted:

"We have to understand the position of the Irish authority: They had to deal with a whole armada of lawyers from Facebook. On the other hand we have a fundamental right to privacy and data protection in the EU. When it comes to basic freedoms and fundamental rights our understanding for the situation of the authority comes to an end."

Europe-v-facebook also say that even though the non-binding audit has led to improvements, it may be little more than a half-hearted attempt to adhere to European law. According to the group, over 40,000 users who requested a copy of all their data held by Facebook still have not received full copies, and the deadline of 40 days for the social networking giant to deliver all their data has passed 40 times.

The campaigners said:

"We are hoping for a legally compliant solution from the Irish data protection authority. Unfortunately, that is highly doubtful at the moment. Therefore we are also preparing ourselves for a lawsuit in Ireland."

In relation to the groups' planned activity, a Facebook spokesperson said:

"We are committed to providing a service which enables millions of European citizens to connect and share with their friends here and around the world. The way Facebook Ireland handles European users data has been subject to thorough review by the Irish Data Protection Commissioner over the past year. The latest DPC report demonstrates not only how Facebook adheres to European data protection law but also how we go beyond it, in achieving best practice. Nonetheless we have some vocal critics who will never be happy whatever we do and whatever the DPC concludes."

In order to try and pay for such a potentially long legal battle, the group have created a crowdfunding platform for Internet users to contribute towards legal costs.

On Monday, U.S. District Judge Richard Seeborg, in California, gave preliminary approval for the social networking giant to settle a class action lawsuit that charges the firm with violating privacy rights. In a revised proposal, the lawsuit -- which alleges that Facebook's Sponsored Stories feature violated Californian law by publishing user "likes" of advertisers without offering an opt-out feature or compensation -- involves over 100 million potential class members.

Users in California can claim up to $10 each as part of the revised settlement, and any money left out of a $20 million settlement fund will go to charity if the order receives final approval.