Facebook's privacy problems in Belgium highlight weaknesses in EU legislation

Belgium's privacy regulator is taking to the courts to make itself heard

A Belgian privacy lawsuit targeting Facebook highlights the difficulties national regulators will face policing the activities of international Internet companies until new privacy laws are passed.

The Belgian Commission for the Protection of Privacy is unhappy with the way Facebook handles the personal information of the nation's citizens and in May asked it to change its policies in a number of "recommendations," which have the force of law in the country.

Facebook, though, maintains it doesn't have to answer to the Belgian privacy watchdog as its international operations are run from Dublin, where the Irish Data Protection Commissioner oversees its compliance with the European Union Data Protection Directive as implemented under Irish law.

Exasperated by Facebook's flouting of its recommendations, the Belgian watchdog filed suit last week to force it to stop tracking people who do not have Facebook accounts, among other demands, and next Thursday the Court of the First Instance in Brussels will hear the Commission's case.

The case highlights a problem with current EU privacy regulations, and underscores the importance of reaching agreement on new laws under discussion.

National data protection authorities (DPAs) feel they should have jurisdiction over companies offering online services in their country -- but because many aspects of privacy law are defined at a European level, international companies want to be regulated where they are incorporated or registered.

It's not just an issue for Belgians: In other EU countries, including the Netherlands, Germany, France and Spain, DPAs are also having difficulties enforcing their rules.

EU lawmakers have been discussing a single set of data protection rules to fix the patchwork of national laws, but the Commission and Parliament have so far failed to reach agreement with ministers from the 28 member states. Proposals agreed by the ministers on Monday afternoon allow those negotiations to move forward, however.

Facebook said Monday it believes the Belgian suit has no merit. It had been due to meet the Commission next Friday, and slammed the regulator for what it called the "theatrical action" of taking the company to court a day before that meeting.

Among the regulator's accusations are that Facebook tracks all users, even people without an account, and continues to track people who have opted out of targeted ads. Facebook tracks users through plugins such as Like buttons installed on third party sites and cookies, according to a report commissioned by the Belgian DPA from the University of Leuven and researchers at the Vrije Universiteit Brussel.

Facebook disputed the report in an April blog post in which it said the researchers found "a bug" that may have sent cookies to some people that don't use Facebook, but promised to address the issue. While it receives standard information about visitors when people who opted out of ad-tracking visit sites with its plugins or other integrations, it is misleading for the researchers to call this tracking, it said.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityCivil lawsuitslegaldata protectionprivacyFacebook

More about EUFacebook

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Peter Sayer and Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place