Austrian student takes on Facebook over privacy

Oct 26, 2011 By MELISSA EDDY , Associated Press
In this photo taken Monday, Oct. 10, 2011, Austrian student Max Schrems holds files about his activities on his Facebook account that Facebook handed over to him, in Vienna, Austria. Schrems wasn't quite sure what information about himself Facebook would send him after he filed a request with the social networking giant to receive his personal data, as is required under European law. It certainly wasn't the stack of 1,222 pages worth on a CD that inspired him to launch an online campaign aimed at forcing the social media behemoth to abide by European data privacy laws _ something the Palo Alto, California-based company insists it already does. Since August, some 350,000 people have visited the site, dubbed "Europe vs. Facebook," and flooded Facebook's European branch, based in Ireland, with requests for their personal data. (AP Photo/Ronald Zak)

Max Schrems wasn't sure what he would get when he asked Facebook to send him a record of his personal data from three years of using the site.

What the 24-year-old Austrian student didn't expect, though, was 1,222 pages of data on a CD. It included chats he had deleted more than a year ago, "pokes" dating back to 2008, invitations to which he had never responded, let alone attended, and hundreds of other details.

Time for an "aha" moment.

In response, Schrems has launched an online campaign aimed at forcing the social media behemoth that has 800 million users to abide by European data - something the Palo Alto, California-based company insists it already does.

Yet since Schrems launched his "Europe vs. " website in August, Facebook has increasingly been making overtures not only to Schrems, but to other concerned about data privacy, including Germany's watchdogs.

"Have we done enough in the past to deal with you? No," Facebook's director of European public policy, Richard Allan, testified Tuesday before a German parliamentary committee on new media. "Will we do more now? Yes."

The lawmakers were holding a hearing on privacy rights.

Europeans - Germans in particular - have long been more concerned about data privacy than their U.S. peers. Still, the European campaign comes amid increased agitation in the U.S. over what many view as invasive Internet marketing practices that allow consumers to be observed, analyzed and harvested for profit, with no regard for their right to privacy.

Last month, several U.S. privacy asked the U.S. in Washington to look into recent changes made by Facebook that give the company greater ability to disclose users' personal information to businesses than it used to have.

The German lawmakers brought up a raft of complaints Tuesday, from allegations that Facebook's "Like" button allows the company to track nonmembers , to concerns over the company's use of facial recognition software on personal photos.

One of Schrems' main complaints with Facebook, he says, is that company retains information far longer than allowed under European law, which it most cases is limited to a few months.

"I wondered, what are they doing with my data?" Schrems said, sitting with his laptop in a Viennese coffee house. "I thought through everything that one can do with that amount of information, all the marketing that is possible."

Under European law, consumers have the right to request a record of the personal information held by a company. The law further stipulates that to retain data beyond the limit of several months, a company must have a reason to do so.

That issue has been the basis for several of the 22 formal complaints that Schrems and his group have lodged with the Irish Data Protection Commissioner - responsible for Facebook's Ireland-based European subsidiary, which serves all users outside of the U.S. and Canada.

Schrems also disputes that the Facebook has given him all of the information it holds about him, arguing that he has only received information from 23 out of a possible 57 data categories.

Facebook insists it has given Schrems and others in his group all of the information that is legally required. Still, Facebook insists it is allowed to hold back data that includes "a range of other things that are not , including Facebook's proprietary fraud protection measures, and 'any other analytical procedure that Facebook runs,'" a Facebook spokesman said.

"This is clearly not personal data, and Irish data protection law rightly places some valuable and reasonable limits on the data that has to be provided," said the spokesman, who did not give a name in keeping with company policy.

Ciara O'Sullivan, a spokeswoman for the Irish commissioner, said a formal investigation has been launched into Schrems' complaints. In addition, a routine audit of Facebook's Irish operation will be conducted sooner than planned, to give authorities a complete picture in weighing the requests.

"We look at the law, and whether something is in breach of that law or not, whether we need to bring an organization into compliance or not," O'Sullivan said in a telephone interview.

Allan repeatedly stressed that Facebook's view is that the way its service operates is completely compatible with European data protection law.

If an organization is found not to be in compliance, they receive a warning and are asked to mend their ways. If they fail to do so, they could face a fine of around euro100,000 ($140,000) - a drop in the bucket for a company valued by Goldman Sachs at $50 billion.

Schrems, who has spent hours poring over his data and the European laws, points out that although the laws on data privacy are tough, there is little incentive for companies to follow them.

"I am not interested in money. What interests me is that the company follows the law," Schrems said. He argued that the only way that can happen is if Facebook users take matters into their own hands.

"It only takes a click to do something about it," he said.

Explore further: Digital dilemma: How will US respond to Sony hack?

More information: Online: http://www.europe-v-facebook.org

5 /5 (9 votes)
add to favorites email to friend print save as pdf

Related Stories

Germany warns Facebook over face-recognition app

Oct 21, 2011

Facebook has until November 7 to bring its facial recognition software into conformity with privacy laws in Germany and the European Union or face legal action, a government lawyer told AFP Friday.

Facebook appoints director of privacy

Sep 14, 2011

Facebook, which has been dogged by complaints over privacy, announced Tuesday that it has named a director of privacy at the social network.

Watchdog: Facebook violates Canadian privacy law

Jul 16, 2009

(AP) -- Canada's privacy commissioner says the online social networking site Facebook breaches Canadian law by keeping users personal information indefinitely after members close their accounts.

Recommended for you

Digital dilemma: How will US respond to Sony hack?

Dec 18, 2014

The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle ...

UN General Assembly OKs digital privacy resolution

Dec 18, 2014

The U.N. General Assembly has approved a resolution demanding better digital privacy protections for people around the world, another response to Edward Snowden's revelations about U.S. government spying.

Online privacy to remain thorny issue: survey

Dec 18, 2014

Online privacy will remain a thorny issue over the next decade, without a widely accepted system that balances user rights and personal data collection, a survey of experts showed Thursday.

Spain: Google News vanishes amid 'Google Tax' spat

Dec 16, 2014

Google on Tuesday followed through with a pledge to shut down Google News in Spain in reaction to a Spanish law requiring news publishers to receive payment for content even if they are willing to give it away.

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

Milou
5 / 5 (5) Oct 27, 2011
The two "P"s do not go together."(P"rofit will not make "P"rivacy). If one wants "privacy" do not go on media sharing sites. Even without the internet a friend can turn around and kill you in an instant. In any case, Well done. Keep going after Facebook.
CHollman82
1.4 / 5 (10) Oct 27, 2011
WHO CARES?

Nothing you do online is "private", and if you think otherwise you're a fool.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.