Related topics

Hamburg loses rag with Facebook, threatens to sue

CURRENT Euro data protection law unlikely to agree

Hamburg's data protection authority has reportedly given up continuing its dialogue with Facebook and is preparing to sue the company over its use of facial recognition technology.

That might be tricky for the agency, however, given that the long-awaited overhaul to 1995's European data protection law has been delayed until early next year.

As European Commissioner Viviane Reding told this reporter in June, the data protection directive was supposed to arrive this autumn.

In the meantime, Facebook – on a European level – isn't currently breaching data protection law when it makes stealth tweaks to its technology without first informing its users of the change.

The directive should help address that loophole.

"You cannot hide anymore by saying 'my server is in Honolulu and my other server is in Kiev and...' I don't care," the commissioner told us in the summer.

"The law is for everyone who does business on the territory of Europe, whatever the origin of the business might be. So you cannot hide anymore by saying ‘I do not have my headquarters in Europe’."

Clearly, the Hamburg DPA has lost its patience with the dominant social network, hence the threat to sue the company.

"Facebook has introduced this [facial recognition] feature in Europe, without informing the user and without obtaining the required consent. Unequivocal consent of the parties is required by both European and national data protection law," said the DPA, courtesy of a translation from Deutsche Welle.

Reding might want to point out to the Hamburg DPA that its statement is slightly premature.

Facebook's German spokeswoman Tina Kulow gave the The Register this statement:

"We believe that any legal action is completely unnecessary. Tag Suggest feature on Facebook is fully compliant with EU data protection laws. On top of that we have given comprehensive notice and education to our users about Tag Suggest and we provide very simple tools for people to opt out if they do not want to use this feature," she said.

"We have considered carefully different options for making people even more aware of our privacy policies and are disappointed that the Hamburg DPA has not accepted these."

There's also the question of whether the 27-bloc states that make up the EU will respond positively to Reding's "Right to be forgotten" pledge that is loaded into the data protection law directive.

If the recent apathetic reaction of the Eurozone to Brussels' cookie privacy law in May this year is anything to go by, then Reding could yet have a tough time on her hands convincing individual countries to transpose the DP directive into national legislation. ®

Sponsored: 10 ways wire data helps conquer IT complexity