Privacy - Facebook isn't helping
Friday, 9th December 2011
As European lawmakers pursue their tough stance on privacy, Facebook’s latest humbling by United States regulators could make life harder for anyone who processes personal data in the cloud.
European Union Justice Commissioner Viviane Reading has been explaining her data protection plans to the Article 29 Working Party (the EU’s privacy watchdog). She wants to reduce administrative costs by eliminating compulsory notifications on personal data processing, but instead data controllers will have to observe privacy impact assessments for “risky” processing – and she also wants to streamline cross-border data protection cases by turning the Article 29 group into a new co-ordinating European Data Protection Board.
Earlier she had told a data protection congress in Paris that simpler binding corporate rules and consistent enforcement of data protection across Europe were needed. “Data protection laws that apply only within a given territory just do not work”, she declared.
“Simpler” sounds good. But meanwhile across the Atlantic, Facebook has again been getting into hot water over its apparently cavalier approach to privacy – and this could raise complications for everyone.
In a damning verdict covering violations going back to 2009, the United States Federal Trade Commission (FTC) has accused it of promising users that it wouldn’t share their data with advertisers – but it did. Facebook also claimed that when users deleted their accounts they would be inaccessible – but they weren’t. Above all, it claimed that it complied with the Safe Harbor framework that governs data transfer between the US and the EU – but it didn’t.
As a result, it’s going to have to get a third party audit confirming to the FTC that it has an adequate privacy programme in place, every two years for the next 20 years. This isn’t the first time recently that Facebook has had to give a guarantee of good behaviour; just a few months back, it was obliged to sign a privacy code of conduct with the German government (LiveWire comment here).
You could dismiss this as simply a problem for one gung-ho social network. But Facebook’s already stratospheric profile can only rise higher with its anticipated $10 billion initial public offering (Bloomberg report here) – and that could cause problems for business generally.
Why? Because Ms Reding is also determined to press on with her right to be forgotten. “Even tiny scraps of personal information can have a huge impact, even years after they were shared or made public,” she told the Article 29 Group; so individuals should be allowed to get them deleted any time they want.
Britain’s Information Commissioner has already said that the right to be forgotten just isn’t practicable (LiveWire comment here). But Facebook’s very public misdemeanours are only likely to stiffen Commissioner Reding’s resolve.