Facebook Privacy Battles Heat Up In Ireland

By David Cohen 

The next big deadline for Facebook in Ireland, where it has been working with the Office of the Data Protection Commissioner to respond to privacy concerns originally raised by Austrian group Europe Versus Facebook last October, is this October, when several privacy objectives the two parties agreed upon are due to be implemented.

A host of changes the social network agreed to make was due for auditing this month. Facebook missed its first-quarter deadline, but the ODPC said at the time that the company would not be punished, and the two parties would continue working together toward a solution.

Not to suggest that privacy and security should be taken lightly by Facebook users, but the issues appear to be far more important to regulators and advocacy groups, based on the 0.038 percent turnout for the social network’s online vote last month on proposed revisions to its statement of rights and responsibilities and data use policy.

ODPC Deputy Commissioner Gary Davis told Reuters:

It’s still all systems go on getting this work with Facebook to an end, and from our perspective producing an output that ensures that Facebook is compliant with European data protection.

CNET reported that not all is well between the ODPC and Europe Versus Facebook, as the regulator dismissed the advocacy group with the following terse text message from Davis to the group’s founder, Max Schrems:

Max, I know you have contacted the office. Neither the commissioner nor myself are available to speak to you. Regards, Gary.

Schrems responded with the following statement, as reported by CNET:

In a letter, we finally wanted to clarify problems we experienced in the proceeding before the ODPC. There is no written procedural law for the ODPC, which resulted in the ODPC “inventing” its own rules. These “inventions” massively weaken our position in the proceeding against Facebook: For about one year, we have been denied access to all files, evidence, and even the legal counterarguments by Facebook. A fair proceeding against Facebook is practically impossible under these conditions.

At the same time, this makes it impossible to assess if the ODPC has made a proper decision. The same is true for “deals” between the ODPC and Facebook. We cannot accept this situation before an authority within the EU. Unfortunately, this very likely means that there are no more chances for a fair proceeding for us in Ireland. We can currently not believe that the responsible officer can decide in an unbiased way after we have made our criticism public. It is unclear how this proceeding will go on. We will fly to Ireland next week and talk to lawyers. This means the situation will stay interesting.

Schrems also outlined his issues, as reported by CNET:

  • Facebook does not give us its counterarguments, since it said it was afraid that its arguments might be used against it in court.
  • The ODPC does not give us its legal counterarguments, either. Some selected arguments will be included in the “draft decision.” What will be included is based on the sole discretion of the ODPC. Facebook received our arguments from the very beginning.
  • Until now, the “raw data” we received from Facebook after we exercised our right to access was the most important piece of evidence.
  • Facebook stopped delivering such data after we published our findings, despite an obligation under the Irish and EU law to disclose such data within 40 days.
  • The ODPC is referring us to a “Download Tool (http://www.zdnet.com/blog/facebook/how-to-download-your-facebook-account/10034),” which holds some, but by far not all data, after waiting for this tool for about one year.
  • The tool does not provide the raw data (the way it is stored on the servers), but processed data, which is displayed as a normal webpage. Only Facebook can decide what information is available and in what format. External control is impossible.
  • The ODPC does not see any reason enforce this right to access, despite more than 1,000 users having made complaints and 100 complaining to the EU.
  • The entire procedure is run as a “secret trail.” We are generally denied to access any of the files or evidence in our own procedure.
  • We do not know about the different “deals” between the ODPC and Facebook.
  • We are not treated as a party of a legal proceeding, but like the general public.

The ODPC responded with a statement of its own, via CNET:

Europe Versus Facebook performed a useful public service in highlighting the specific issues raised in its complaints. We informed the organization last week that we had nothing to add to the answers we had already provided, both orally and in writing, and that therefore, senior staff members were not available to discuss such procedural matters any further.

Readers: How do you think the situation in Ireland will play out?

Image courtesy of Shutterstock.