A 26-year-old Austrian doctoral student at the University of Vienna is waging a legal battle that could force Facebook to change how it manages data in Europe.
Maximilian Schrems, privacy activist and founder of the advocacy group Europe Versus Facebook, claims that Facebook’s Irish unit breached European Union data protection laws by transferring information to the United States that was later obtained by the National Security Agency’s notorious PRISM program, a massive dragnet of electronic communication.
“We hope for a model case that will influence the whole IT industry and lead to proper respect of fundamental rights in Europe,” said Schrems. “We also want to enforce the most basic privacy rules on one of the biggest players on the Internet.”
Europe Versus Facebook has filed a petition in an Austrian court targeting Facebook’s international headquarters in Ireland, where it charges the Silicon Valley company failed to give adequate protection to data generated by members of the popular social network. The petition also accused Facebook of illegally monitoring, analyzing and tracking users.
The Austrian court asked Facebook to reply to the allegations within four weeks. More than 25,000 people have joined the lawsuit, including thousands from Austria, Germany, Finland and the Netherlands.
Former NSA contractor Edward Snowden revealed the PRISM dragnet last year in a series of classified documents leaked to The Guardian and Washington Post. Snowden fled to Russia, where he remains in political asylum.
Setting a Precedent
If Europe Versus Facebook succeeds, members of the lawsuit may receive €500 ($630) as compensation for the misuse of their personal information.
“We are only claiming a small amount,” said Shrems. “Our primary objective is to ensure correct data protection. However, if many thousands of people participate we would reach an amount that will have a serious impact on Facebook.”
The lawsuit isn’t Europe Versus Facebook’s first legal tangle with the American tech giant. In separate case dating from 2011, Schrems filed complaints with the Irish government’s Data Protection Commission alleging Facebook broke Irish laws that banned companies from processing personal data — including the “pokes” shared by Facebook’s 1 billion users.
Schrems also filed complaints that Facebook wasn’t deleting users’ messages upon request and was recording searches – such as when users look up friends also on the network.
The Data Protection Commission recommended Facebook change its data retention policy, allowing the social network to hold personal data only for a limited amount of time, clarify its data protection policy for users, and ask their consent to transmit pictures and names to third parties for advertising purposes.
Facebook agreed to change its data retention and deletion policies as well as give users more information about how the company uses their data – but it didn’t ask for users’ permission.
“We work on a daily basis with regulators around the world, and we appreciate the investment of time and effort by the Data Protection Commission and its leadership to improve the experience of Facebook users,” said Facebook's public policy director Richard Allan in a statement in December 2011.
Schrems revisited the issue in 2013 following Snowden’s revelations on the NSA mass surveillance program PRISM, dragging the Irish Data Protection Commission into court for failing to investigate the data transfers from Facebook Ireland to the company's headquarters in Menlo Park, California.
In June 2014, the Irish court acknowledged that “data protection rights have been seriously compromised by mass and largely unsupervised surveillance programs.”
In Pursuit of Justice
It’s still not clear whether Schrems has a case. The European Commission considers the U.S. to provide an adequate level of data protection under the U.S.-E.U. Safe Harbor agreement. Adopted in 2000, the accord allows U.S. companies to self-certify their compliance with E.U. data protection standards. The list of self-certified organizations includes Facebook.
But Schrems believes the agreement is outdated, and it appears he's not alone. In June, the Irish High Court passed the PRISM case to the European Court of Justice, the top court in Europe, citing the “considerable practical implication” of the decision for all E.U. member states.
The doctoral student believes the European Court of Justice is now preparing a ruling that could change not only how Facebook operates but others as well, like Google and Yahoo. In the meantime, wary of possible intrusion into their privacy, users in Europe have become increasingly suspicious of the social network’s tools.
Facebook’s new messenger app is a prime example of a service that Europeans are reconsidering. The app forces users to install software on their mobile phone and accept certain conditions, like sharing photos, videos and other data that they record using their devices.
Helen Nalty, a 53-old-year Dubliner, uses Facebook to keep in touch with family and friends. His demographic has turned out to be a core group for Facebook, which has failed to expand its reach among teenagers who have found other social networks in recent years. Nalty doesn’t want to use the new app.
“I have all my privacy settings switched on,” she said. “About a week ago, when I tried to check a private message on my phone, it told me that I had to download the new app. When I saw what it wanted access to, I decided I didn't want to give permission and did not install it.”
European authorities also insist that Facebook has to respect the E.U. data protection laws.
“Citizens should be in control of their personal data,” said E.U. Justice Commissioner Martine Reicherts. “The E.U. strives to protect privacy by empowering citizens with a set of rights they need for the digital age.”
A recent E.U. Court of Justice decision against Google in May clarified the way non-European companies, when offering services to European consumers and processing their data, must obey E.U. data protection rules no matter where their servers are located.
Now, Europe Versus Facebook is laying bare the social discontent mounting in Europe against other big American tech giants. While Europeans want to keep using Facebook's innovative products, another consensus is also becoming clear: people are tired of exchanging their privacy for basic access to new technology – whether on smart phones, tablets or laptops.
“People are well aware of the situation,” said Schrems. “The problem is that we don’t take action.”
3 WAYS TO SHOW YOUR SUPPORT
- Log in to post comments