News. Six European data authorities are going after and fining Facebook for abusing European personal data and not adhering the the laws. The allegations are long: Unlawful tracking. Legal requirements regarding consent, fairness, transparency and proportionality not met. Insufficient information about the use of personal data. Not allowing pseudonyms.
Facebook and other U.S. Internet firms have often made the argument that only the local law of the country in which they are headquartered should apply in the EU – here Ireland – the collective DPAs responded to that argument directly in a common statement;
“The DPAs united in the Contact Group conclude that their respective national data protection law applies to the processing of personal data of users and non-users by the Facebook Group in their respective countries and that each DPA has competence.”
In a statement to The Privacy Advisor, Facebook did not engage with the legal arguments in the DPAs’ statement. “At Facebook, putting people in control of their privacy is at the heart of everything we do,” said a spokesman. “We have invested a huge amount of time and resources to ensure that people understand which information we collect and the choices they have over how it is used. We’ve built teams of people who focus on the protection of privacy — from engineers to designers — and designed tools that give people choice and control. We’ll continue responding to officials’ questions, particularly as we prepare for Europe’s new data protection framework in 2018.”
There is no indication, however, writes The Privacy Advisor, that Facebook has changed its stance regarding applicable EU law.
The DPAs in the Contact Group appear to be concerned with two basic Facebook actions. First, the combination of data gathered via WhatsApp with the data gathered from Facebook users. Second is a larger issue where DPAs do not believe Facebook’s tracking methods and targeting advertising methods are lawful.