Hamburg loses rag with Facebook, threatens to sue
CURRENT Euro data protection law unlikely to agree
Hamburg's data protection authority has reportedly given up continuing its dialogue with Facebook and is preparing to sue the company over its use of facial recognition technology.
That might be tricky for the agency, however, given that the long-awaited overhaul to 1995's European data protection law has been delayed until early next year.
As European Commissioner Viviane Reding told this reporter in June, the data protection directive was supposed to arrive this autumn.
In the meantime, Facebook – on a European level – isn't currently breaching data protection law when it makes stealth tweaks to its technology without first informing its users of the change.
The directive should help address that loophole.
"You cannot hide anymore by saying 'my server is in Honolulu and my other server is in Kiev and...' I don't care," the commissioner told us in the summer.
"The law is for everyone who does business on the territory of Europe, whatever the origin of the business might be. So you cannot hide anymore by saying ‘I do not have my headquarters in Europe’."
Clearly, the Hamburg DPA has lost its patience with the dominant social network, hence the threat to sue the company.
"Facebook has introduced this [facial recognition] feature in Europe, without informing the user and without obtaining the required consent. Unequivocal consent of the parties is required by both European and national data protection law," said the DPA, courtesy of a translation from Deutsche Welle.
Reding might want to point out to the Hamburg DPA that its statement is slightly premature.
Facebook's German spokeswoman Tina Kulow gave the The Register this statement:
"We believe that any legal action is completely unnecessary. Tag Suggest feature on Facebook is fully compliant with EU data protection laws. On top of that we have given comprehensive notice and education to our users about Tag Suggest and we provide very simple tools for people to opt out if they do not want to use this feature," she said.
"We have considered carefully different options for making people even more aware of our privacy policies and are disappointed that the Hamburg DPA has not accepted these."
There's also the question of whether the 27-bloc states that make up the EU will respond positively to Reding's "Right to be forgotten" pledge that is loaded into the data protection law directive.
If the recent apathetic reaction of the Eurozone to Brussels' cookie privacy law in May this year is anything to go by, then Reding could yet have a tough time on her hands convincing individual countries to transpose the DP directive into national legislation. ®
COMMENTS
Opt outs should be banned
All such systems should work on the basis on opt in.
In order to opt out I must know what exists.
I must make contact with the company, often with whom I have no wish to do business
I must provide them with valuable personal data
I must trust them them treat my data with due respect
It raises questions as to why I have chosen to opt out.
Only a scheme were people wishing to participate have to provide their own consent in an informed way are acceptable.
I would agree, but then again...
... no you don't.
Just back up your stuff, cancel your account and move to another platform. Nobody forces anyone to use Arsebook.
The positive side effect of opting out entirely would be:
1) it's the only way they get the message as they don't give a rats ass about what YOU want
2) it's the only measure you have as your participation is the only thing they care about
3) you might actually get a real life back
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
Cloud based data management
Agentless Backup is Not a Myth
