Belgian privacy watchdog sues Facebook ahead of summit
The chairman of the Belgian Privacy Commission, William Debeuckelaere, says Facebook's behavior "cannot be tolerated."
Privacy will be on the docket at a Belgian court on Thursday -- and Facebook will be the defendant.
The Belgian Privacy Commission has sued Facebook and will take the world's largest social network to court on Thursday for allegedly violating privacy laws both in Belgium and in the European Union. Speaking to Belgian news outlet DeMorgen, the country's chairman of the Privacy Commission William Debeuckelaere said that Facebook's behavior "cannot be tolerated." He added that he hopes the court will force Facebook to change its privacy practices.
The court case is part of a broader trend across Europe to dismantle some of the key functions built into Facebook's user and data-sharing policies. Some privacy regulators argue that Facebook is collecting user information at will and without proper consent among its users. If the company is found to be engaging in such behavior, Facebook would be required to modify its data-collection strategy and ultimately provide users more control over how their information is collected.
Facebook has over 1.4 billion users worldwide, as well as more than 800 million users on its messaging app WhatsApp and 300 million on photo-sharing app Instagram. On June 12, Facebook announced that its Messenger messaging application has 700 million users. Approximately 83 percent of Facebook's user base is outside of the US and Canada.
In February, Belgium enlisted the help of two organizations that are part of the government's iMinds digital research center to investigate updates to the social network's terms of service. The resulting report indicated that " Facebook is acting in violation of European law" -- a charge Facebook denied.
The report centered on Facebook's updated terms of service and data policy, which went into effect in January. The report found that the modifications to those policies gave too much control to Facebook to collect user data and at times, share that with third-parties.
"Users do not receive adequate information," the report asserts. "For instance, it isn't always clear what is meant by the use of images 'for advertising purposes.' Will profile pictures only be used for 'Sponsored Stories' and 'Social Adverts,' or will it go beyond that? Who are the 'third party companies,' 'service providers' and 'other partners' mentioned in Facebook's data use policy? What are the precise implications of Facebook's extensive data gathering through third-party websites, mobile applications, as well recently acquired companies such as WhatsApp and Instagram?"
That was followed in May by a statement from the data-protection authority saying that its ongoing investigation into Facebook was "disconcerting." The organization was concerned that Facebook's policies allegedly allow it to track any person hitting a Facebook webpage and then link that to other personally identifiable and potentially sensitive information on their profile pages, including religious and sexual preference. The organization asked Facebook to seek consent to track users, rather than do so without their express consent. The privacy commission has now taken the next step of suing Facebook to get it to fall in line, after the company declined those requests.
A Facebook spokesman on Monday expressed surprise over the commission's decision to sue the social network, since the parties had already agreed to meet on Friday.
"We were surprised and disappointed that ... [the Belgian Privacy Commission] took the theatrical action of bringing Facebook Belgium to court on the day beforehand," the Facebook spokesman said. "Although we are confident that there is no merit to the ... case, we remain happy to work with them in an effort to resolve their concerns, through a dialogue with us at Facebook Ireland and with our regulator, the Irish Data Protection Commissioner."
The Commission did not immediately respond to a request for comment.
A broader view of privacy on Facebook
Privacy regulators in France, Spain, Italy and elsewhere have launched probes into how Facebook collects user data. They're most interested in how Facebook combines its own information with that from the other companies it owns, like Instagram, as well as how it tracks people after they have used Facebook's services.
If Facebook is eventually found to be violating privacy laws within those countries, the company could face millions of euros in fines and be forced to modify how it operates in the specified countries.
Facebook, which has its European headquarters in Ireland, has said that individual EU law dictates that countries do not have the right to investigate just any business. Facebook argues that companies can be monitored only by regulators based where their headquarters are located. As soon as regulators within that country allow a firm to operate and determine that it's in compliance with EU law, the firm can offer its product or service anywhere in the EU.
Such an argument could prove to be a sticking point in the Belgian case. The majority of Facebook's European users are actually outside of Ireland, but the company is governed by the regulations in that country. The spirit of the law was to simplify company regulation in a euro zone that's rife with varying laws and regulations.
Facebook points to EU law
Facebook has said that the law makes sense. If individual countries are allowed to determine their own regulatory standards, the eurozone is essentially broken and common laws ousted, Facebook has argued. Companies, meanwhile, will need to take on the expensive task of adhering to different country laws and in the process, the social network argues, it's the average consumer who suffers.
"Consumers would not be as well served; the cost of selling in a new market would increase, and some companies would not bother," Facebook vice president of public policy Richard Allan wrote in an editorial in April. "Common rules have given Europe's workers prosperity and its consumers choice."
European regulators, however, have grown impatient with such edicts. Though the EU is made up of member countries, they all have their own laws on privacy, and interpretations of what it is. Therefore, the countries believe they should have some say in how companies operate, even if those firms are based in another country.
According to the DeMorgen report, the country's privacy commission believes the company makes "a mockery of European and Belgian privacy laws." The Commission presented recommendations with the company to modify Facebook's policy on collecting and sharing data, the report claims, but the social network rebuffed those offers, leaving no alternative but a lawsuit.
If the Belgian court rules that modifications should be made to its service to better protect data privacy, other countries could seek similar decisions in their own lawsuits. That would then likely render a broader case in an EU court.