December 21, 2024

Austrian Group Plans Court Challenge to Facebook’s Privacy Policies

BERLIN — An Austrian student group said Tuesday it planned to challenge Facebook’s privacy policies in Irish court in coming months, alleging that the social networking giant had failed, despite repeated requests and formal complaints made by its members, to adapt its privacy policy to the restrictions of European data protection law.

The group, called Europe vs. Facebook, said it would begin collecting donations to challenge Facebook’s privacy policy in Ireland, where the company’s European business is based. Max Schrems, an Austrian law student at the University of Vienna who organized the effort, said that Facebook has no interest in adapting its service to meet stricter European privacy requirements.

“We have been pursing this for more than a year with Facebook, but the company has done only about 10 percent of what we had asked them to do,” said Mr. Schrems, 25. “Therefore, we are preparing to go to court.”

Two Facebook spokeswomen did not immediately respond to email requests for comment.

Mr. Schrems’ group, which he said is made up of about 10 students at the University of Vienna, filed 22 complaints in 2010 with the Office of the Irish Data Protection Commissioner, which is the European regulator responsible for Facebook.

As a result of those complaints, the regulator conducted a public audit of Facebook’s privacy policies. In September it announced an agreement with the company that, among other changes, required Facebook to shorten how long it retains consumer data, and to refrain from building a photo archive on individuals without their prior consent.

But Mr. Schrems, in an interview, said Facebook was still violating European law in many areas, including a requirement that Facebook provide users upon request with a full copy of all the data the company has collected on them. Mr. Schrems, a Facebook user since 2007, said he requested his own summary file from Facebook in 2010.

The company, based in Palo Alto, California, responded by creating a self-service tool for users to extract the data, which Mr. Schrems said only supplied him with information going back to 2010. In addition, Facebook’s privacy policy, which users are required to agree to before they can use the service, is too broad and violates European law, he alleged.

“It is basically a collection of American legalese, which is intentionally vague and gives the company adequate leeway to do basically anything they want with your data,” Mr. Schrems said.

Thilo Weichert, the data protection supervisor for the German state of Schleswig-Holstein, which has also brought legal action against Facebook, said he supported the Austrian student group’s efforts.

“Facebook’s policy is much too vague and broad and does not conform with German or European law,” Mr. Weichert said in an interview. “We think that European privacy officials need to take common action on this.”

Mr. Weichert in August 2011 issued an administrative order that barred businesses in the state, which is located along Germany’s northern border with Denmark, from using Facebook’s social plug-ins such as the Like button and Fan pages. The rationale for the order: those applications collect information on users without their consent by inserting cookies, or small bits of software that track individual computers, on a user’s web browser.

In November of last year, Mr. Weichert sued several local business organizations, including the state’s own Industrie- und Handelskammer, the equivalent of the local chamber of commerce, for creating their own fan pages on Facebook. The chamber and businesses that have not been identified, have challenged that suit, which is pending in court in Kiel.

The privacy policies of Facebook, Google and some other U.S. web companies have come under increasing criticism in Europe.

European and national laws increasingly demand that consumers first give their explicit, prior consent before their data can be used for target-advertising purposes. In October, the French privacy regulator, CNIL, released a critical analysis of the new consolidated privacy policy that Google adopted earlier this year, which combines information on individuals from the range of Google’s services. CNIL said the policy did not adhere to many aspects of European law.

Article source: http://www.nytimes.com/2012/12/05/technology/austrian-group-plans-court-challenge-to-facebooks-privacy-policies.html?partner=rss&emc=rss