Irish data-cops 'fooled' by Facebook, claims Austrian privacy group
Needs 'astronomical' funds for planned court campaign
Austrian student group europe-v-facebook has accused the Irish DPC of being "fooled" by Mark Zuckerberg's free-content ad network, which boasts 1 billion users worldwide and whose European headquarters are in Dublin.
The criticism comes as Facebook's public policy veep Elliot Schrage confirmed that the company had clarified some of its privacy proposals after discussions with the Irish data protection commissioner's office.
He said that provisions relating to sharing information with Facebook's "corporate affiliates", such as newly-acquired Instagram, were "standard in the industry".
We’ve revised this proposal to make it clear that the sharing of information among our affiliates is and will be done in compliance with all applicable laws, and where additional consent of our users is required, we will obtain it.
The last-minute change follows intervention from the Irish DPC, which had sought "urgent clarification" from Facebook about its data proposals. The commissioner's office told The Register last week that it fully expected the firm to modify its plans in line with European consent requirements.
El Reg asked the Irish data watchdog if it had been "fooled" by Facebook, following criticism levelled at it today.
A spokeswoman at the Irish DPC told us:
We have had no recent contact from europe-v-facebook in relation to the complaints it submitted to this office. We have consistently and repeatedly outlined to it our happiness to take forward formal decisions of the Commissioner in relation to the complaints submitted in whatever time-scale is acceptable to it.
We have not received any contact from it in this respect but would assume based on the press release [PDF] that we will shortly receive such contact which will allow us to commence the process.
The privacy lobby group said that while it considered the Irish regulator to be "on the right track" following an audit of Facebook in December 2011, it claimed that the DPC was "not at the final destination" yet.
The Irish authority has taken many important steps which moved privacy on Facebook forward, but when looked at it in more detail, has not always delivered solid and fact based results. Facebook's statements were simply adopted, even though many of them can be disproven with a few screenshots.
It seems like Facebook has also fooled the authority in some cases or did at least not stick to their promises.
The group noted that it could challenge the Irish watchdog's decisions in an Irish court, but it needs funding to do so as the costs would be "astronomical".
Facebook, which derives most of its revenue from advertising and is now answerable to its shareholders and Wall Street, said in response to europe-v-facebook that it was "committed" to helping people share photos and messages with friends across the globe.
"The way Facebook Ireland handles European users' data has been subject to thorough review by the Irish Data Protection Commissioner over the past year," it added.
"The latest DPC report [PDF from September 2012] demonstrates not only how Facebook adheres to European data protection law but also how we go beyond it, in achieving best practice. Nonetheless we have some vocal critics who will never be happy whatever we do and whatever the DPC concludes."
Meanwhile, europe-v-facebook has 21 days to appeal against the Irish DPC's decisions. It would appear it can only do so if it can raise between €100,000 and €300,000. The group is hoping to crowd source the necessary funds. ®
Sponsored: The Nuts and Bolts of Ransomware in 2016