Irish data protection watchdog faces legal challenge over Facebook privacy audit
Privacy campaign group Europe vs. Facebook has appealed for donations to mount a legal challenge against the watchdog
IDG News Service - Privacy campaign group Europe vs. Facebook has threatened to take the Irish Data Protection Commissioner to court if it is not satisfied with the DPC's final responses to its 22 complaints about Facebook's privacy policies, and appealed for donations to cover the costs of such an action.
The group made its threat on Tuesday as it published its 73-page response to the Irish DPC's September audit of the social network's policies. It said that if the DPC did not act in the best interests of Facebook users, the cost of challenging it could reach €300,000 (US$390,000).
The DPC's September audit concluded that Facebook had complied with most of the recommendations it had made in an earlier investigation of the campaign group's complaints. Facebook's Irish subsidiary, responsible for the data of users outside the U.S. and Canada, is subject to Irish and European Union data protection law.
Facebook even went beyond the DPC's recommendations in one instance, deciding to delete all facial recognition data it had stored about its E.U. users.
That wasn't enough for the Europe vs. Facebook campaigners, who after analyzing the audit report accused Facebook of fooling the DPC in some cases, and not sticking to its promises in others.
"After a detailed analysis of the 'audit' documents it became clear that the authority has taken very important first steps, but that it has not always delivered accurate and correct results," the group said in a news release. "In some cases we also had to wonder if the authority has really checked Facebook's claims, or if they have blindly trusted Facebook," it added.
A Facebook spokeswoman commented: "We have some vocal critics who will never be happy whatever we do and whatever the DPC concludes."
The campaign group acknowledged that the audit has led to improvements in Facebook's behavior, but said many are "halfhearted" in their compliance with E.U. law. For example, Facebook sent incomplete responses to more than 40,000 users who requested a copy of all the data Facebook held about them, the group said. "In our test the tools which allow to access all data have often times just produced white pages," it said.
The group also questioned why Facebook only deleted facial recognition data concerning E.U. citizens, while the Irish data protection watchdog is responsible for all users outside the U.S. and Canada.
The group also criticized the opinion of an expert used by the DPC, who said that because there were no widely reported data breaches, Facebook is secure. "This is like an engineer that says that as long as he hasn't read about a bridge collapsing it should be perfectly safe," the group said.
Europe vs. Facebook prepared its report for the DPC, which had asked the group to comment on its findings. In the report, the group reiterated its request that the DPC deliver all necessary files, evidence and counterarguments disclosed by Facebook that the group has not been allowed to see. Once it has this information, the group will ask the DPC for a formal, legally binding decision on all 22 complaints it has made. The conclusions of the last audit were non-binding.
However, the group expects that "the authority might not decide in the interest of users on all complaints," which would make a court procedure the only option left. When this case comes before the court it is likely to go all the way to the European Court of Justice (ECJ), because user privacy is important enough to be a "landmark for the whole IT industry," Europe vs. Facebook said.
Legal action would be primarily directed at the Irish DPC, said Max Schrems, the Austrian law student who founded the group. "But Facebook can join them and we expect them to do so," he said, adding that if that happens Facebook would be a party in the litigation. The main problem is with Facebook and not with the DPC, he emphasized.
Schrems expects to need between €100,000 and €300,000 to cover court costs, and has launched a crowd funding platform at crowd4privacy.org to seek donations. At the time of writing, almost €6,000 had been donated.
The Irish DPC had not yet received Europe vs. Facebook's report, but assumed that it would receive it shortly, spokeswoman Catriona Holohan said via email.
"Any input from them when received will be assessed as part of the preparation of the draft decisions they have sought," Holohan said, adding that Facebook will be asked for clarification if that is required.