With Facebook's IPO on its way, I would like to share some information about the ongoing discussion about the social network's privacy issues from a European perspective.
European countries like Germany and Austria are known for its very strict data protection laws. This of course is also true for any other country that belongs to the European Union. Because of these strict laws, a firm is very limited in the use of its users’ data, especially when it comes to use the data for marketing purposes. To address the growing concerns about privacy, the European Commission has implemented an additional layer of protection through its European data protection law as well as a Data Protection Commissioner (DPC). The DPC is legally responsible for privacy for all users within the European Union.
Countries that are members of the European Union have created their individual and local data protection laws, which are based on the European Union’s Data Protection Directive of 1995. The member states of the European Union have very differently implemented this set of rules, which resulted in “divergences in enforcement”.
It is important to point out that under “EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Furthermore, persons or organizations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law.” Thus the user has to explicitly agree to any use of his data and also has to be informed about how the data might be used.
In an effort to further strengthen the protection of personal data, the European Commission recently proposed “a major reform of the EU legal framework on the protection of personal data. The new proposals will strengthen individual rights and tackle the challenges of globalization and new technologies.” The European Commission considers the protection of personal data to be a fundamental right. Because the way a user’s data is collected, accessed and used has profoundly changed within the past few years, this comprehensive reform of the European Unions’ data protection rules of 1995, has become a necessary step. The goal is to also unify the currently very differently implemented data protection laws within the European Union to one single law. “A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe.”
As you can imagine these laws make it more difficult for companies like Facebook to enter the European market and comply with the rules. Companies can’t just run their business the same way as they are used to within the US. Especially Facebook has recently been confronted with major privacy concerns and is under investigation by the DPC. A small group of Austrian students has recently formed an initiative called “Europe versus Facebook” and filed a total of 22 complaints (!) about the US-based company for violating the data protection laws within the European Union. The following statement from the initiative “Europe versus Facebook” shows how difficult it must be for Facebook to comply with the rules of the European Union: “In a first report the Irish DPC has listed numerous measurements Facebook has to comply with in order to improve its compliance with the Irish and European law. At the same time we think that this only brings Facebook in line with the law for maybe 10%. We are right now fighting for the other 90%.”
If the European Commission decides that Facebook is indeed violating its rules, it could become a major problem for the US-based company. The necessary changes that are currently in discussion could force Facebook to implement major changes in its technological backend that seriously could limit its functionality in one of its most important markets. It is very interesting for me that I have not read a single word about this ongoing investigation and its potential threat to Facebook in any US publication so far. The Facebook public relations team is obviously doing a great job in keeping potential investors happy, before the highly anticipated IPO takes place. I guess that Facebook will have a lot of work to do to satisfy the European Commission and in order to not be penalized like other US companies before (in 2004 Microsoft had to pay a fine of almost 800 million USD in the Microsoft antitrust case). But what are 800 million USD when you can afford to buy Instagram for one billion USD ...
Sorry for the much too long post – but it just is a complex topic.
ReplyDeleteThis underscores the importance of maintaining user privacy, security of data and protection of IP on the internet and particularly if the company operates in a global landcape. While the US has realized this and has recently crafted the SOPA and PIPA legilsation, it is behind Europe and South East Asia in terms of a comprehensive legal framework that governs this important facet of the internet. Think Local Act Global is the need of the hour and Facebook will do well to recognize that when it comes to data privacy and security online.
ReplyDeleteVery informative article.
Thank you for the comment Sael. Fortunately for companies like Facebook the European Commission has proven to be very slow in reacting and forcing companies to comply with its standards and laws. If the European Union would be organized more like the US, it would have been almost impossible for Facebook to even get started ...
Delete