Dutch regulator asks Facebook to hold off on privacy update, is rebuffed

Facebook said it won't wait

Saying that Facebook's new privacy policy could violate Dutch data protection laws, the privacy regulator in the Netherlands has asked it to postpone its introduction pending an investigation. But the social network won't hold back the rollout of new terms and policies on Jan. 1, and was "surprised and disappointed" by the data protection authority's move, a spokeswoman said.

"We recently updated our terms and policies to make them more clear and concise, to reflect new product features and to highlight how we're expanding people's control over advertising," she said, adding that Facebook is confident the updates comply with relevant laws.

As a company with its international headquarters in Dublin, Facebook routinely reviews product and policy updates -- including this one -- with the Irish Data Protection Commissioner, which oversees Facebook's compliance with the EU Data Protection Directive as implemented under Irish law, she added.

But the Dutch data protection authority isn't so sure the new policy complies with the law. Unveiled in November, the policy gives Facebook the right to use information and photos from user profiles for commercial purposes, the Dutch DPA said in a news release. It plans to investigate consequences of the new policy for Dutch users, including how it obtains permission for the use of their personal data, it said.

In the updated policy Facebook states that users give Facebook permission "to use your name, profile picture, content, and information in connection with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us." Which means that, for example, "you permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you."

If a user selects a specific audience for a post, such as "friends," Facebook will respect that choice, it said, adding that it will "not give user content or information to advertisers without consent."

However, all those clauses are also mentioned in the current terms that were last revised in November 2013, so it's unclear what new aspects the DPA objects to.

A spokeswoman for the Dutch DPA said the authority still has to assess the scope of the investigation.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesCollege Bescherming Persoonsgevenssecuritysocial mediainternetprivacyFacebook

More about EUFacebookIDGNews

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts