NO TAGS without permission
NO TAGS without permission
Max v Facebook, a modern day David v Goliath tale

Max Schrems, a law student at the University of Vienna, has become by its own merits the protagonist of a battle that has confronted Facebook with European laws on data protection, which are stricter than their U.S. counterparts. To avoid paying taxes on profits earned outside the United States, the social networking giant established its headquarters in Ireland. This apparent advantage is becoming its Achilles heel, at least in terms of privacy, since all users of Facebook outside the United States and Canada must accept the agreement with Facebook Ireland, which in turn is subject to the European data protection laws.

During his semester at the University of Santa Clara, in Silicon Valley, Max attended a lecture by Ed Palmieri, Facebook privacy lawyer. Palmieri showed a blatant lack of knowledge and respect for the European data protection laws. To Ed Palmieri, these laws are only decorative and as a company, Facebook believes that there’s no need to strictly comply. Seen that, the young law student began investigating the kind of personal information that Facebook retains about its users.The European directive on data protection requires companies to disclose any information they store about their users. Max did not get all the information that Facebook records about him, but perhaps by mistake, he could get a much more detailed report than what the company usually collects and delivers to minimally comply with the European directive. This allowed Max to discover how many categories of sensitive data was stored on the U.S. company’s server, and was able to plan a strategy to denounce Facebook’s abuses and breaches.

Max Schrems began a discreet but effective legal battle through the Irish body for data protection, by sending 22 claims detailing all articles of the European directive on data protection (officially: Directive 95/46/EG) that Facebook violates .

Facebook, the dream tool of intelligence and espionage organizations of the like of the KGB or the Stasi, has been forced to comply with European directive since the end of 2011, as the Irish data protection commissioner ruled in Max Schrems’ favor. This was a great victory for Max and the Irish Data Protection Commissioner, as this office does not have sufficient means to deal with such cases. Violation of the European laws of data protection are not punished directly, so Facebook was able to negotiate a settlement and agreed to meet some of the demands, while winning the trust of its users in Europe (still ignoring the requests of other non-European users even if they are legally using a service from an Irish company).

Among the complaints sent to the Irish data protection commissioner, there are a few paragraphs related to tagging photographs. According to the terms of use, Facebook requires its users not to tag others without their consent. Several European data protection agencies have already said that the legal obligation or protection is not sufficient if not applied in practice: Facebook should prevent tags from being published without the consent of the affected user using technology means.

The directive also requires that if a user deletes his data, Facebook has to also delete it. Max discovered in the wake of its investigation that Facebook simply hides data: despite having been deleting all his profile data before requesting the report, Facebook returned a detailed PDF with all his messages, photos and comments that should not exist on the company servers.

Facebook is complying with the laws but delaying its implementation. Trying to win the trust of its users, it offers alternatives to satisfy them and not have to comply strictly with the rules. Of all the categories that Facebook records about each user, the social network only lets you download from your user profile a few, and hides some of the remaining categories to those who, like Max Schrems, request them repeatedly and consistently. There are a number of categories that Facebook refuses to disclose on trade secret grounds: basically they are saying that the data they have about you is their intellectual property and that they need to protect it. One of the things that they refuse to send is what they can infer by analyzing photographs; people’s faces, as well as their age, gender, or mood is known to be inferred.

Somehow Europe is dictating good practices that should be followed on issues related to data protection and privacy on social networks. Facebook in turn, is playing cat and mouse, complying partially, hiding other parts, and continually finding new ways to cheat. Whereas in the United States any opportunistic lawyer willing to sue would have used this opportunity to reimburse a substantial economic figure, Max is still fighting so that if a company trades with our privacy, it does so in a transparent manner and in strict compliance with the law. Thankfully, Max has been granted an extension to complete his law studies at the University of Vienna, who so generously have allowed him to present his final project a few months later. The passionate struggle of a single student of law against an entire social networking giant can be followed through the website “Facebook Vs Europe”

Comments are closed.