META Meta Platforms Inc

By Sam Schechner 

Facebook Inc. is gearing up to fight a cascade of privacy investigations in Europe, arguing that regulators are overreaching in ways that could hurt the social network's ability to protect users against hacking and fraud.

Ahead of a court ruling due in Belgium as early as this week, the Menlo Park, Calif., company is attacking this case against it as an ill-thought-out attempt to regulate privacy that would instead remove one of the tools Facebook uses to stop automated programs from hacking into users' accounts.

The case, brought by Belgium's Privacy Commission, is the most advanced of five coordinated Facebook investigations launched by regulators from Germany to Spain. If it loses the case, in which the regulator has requested fines of EUR250,000 a day, Facebook has threatened to make Belgian users endure more identity checks when logging into the website to guard against hacking.

Facebook's response signals a pugnacious strategy as it takes on European data-protection watchdogs, which have since earlier this year been probing the company's new privacy policy for potential violations of EU law.

Facebook initially fought the idea that national regulators other than the one in Ireland, where it has its European headquarters, even have jurisdiction.

Now it is also taking to the bully pulpit to argue against the impact of the cases in a region that accounts for hundreds of millions of users and more than $3 billion in revenue for the company in the past year.

In Germany, for instance, a regulator ordered Facebook over the summer to allow users to use pseudonyms as opposed to real names. Facebook has appealed the order in court, and argues that its policy helps ensure safety and privacy by ensuring users know with whom they are sharing information. A ruling is expected this fall, the regulator said.

Regulators in the Netherlands, France and Spain said their inquiries were ongoing.

"Often regulators will focus on a very, very particular issue and lose sight of the safety issues that affect all 1.5 billion users," Alex Stamos, Facebook's chief security officer, said about the cases.

The European privacy cases against Facebook are the latest display of swagger for Europe's national data protection authorities, which have been empowered by a series of European court decisions to take on Facebook and other big tech firms.

Last year, for instance, the European Union's Court of Justice put national regulators in charge of enforcing a new right to be forgotten for search engines. Just last week, the court gave them expanded powers to suspend trans-Atlantic transfers of personal data by companies including Facebook.

Privacy advocates say the watchdogs are leading a long-overdue rebalancing of power between consumers and companies that reap growing profit from their personal information. But tech executives say a patchwork of litigation in multiple countries that could restrict their ability to do business in Europe. A Facebook spokeswoman warned Tuesday that higher costs may lead to new features arriving in Europe "more slowly, or not at all."

In the Belgian case, the regulator has alleged that Facebook collects data on the web-browsing habits of its users and of people who aren't logging into the site or using it at all, without sufficient explanation or permission.

In particular, the Belgian regulator says the company uses its "like" buttons scattered across the Internet to collect information.

Facebook acknowledges that it does collect data on users' Internet browsing even when they're not logged in, through a snippet of computer code called a cookie that it places within an individual's Web browser if they have visited the Facebook.com website. That cookie, known as a DATR cookie, reports back to Facebook whenever that browser accesses a Web page with an active social plug in, such as a "like" button.

But the two sides dispute whether the process is necessary for Facebook's security. The firm says it uses the information from that cookie only to weed out browsers being piloted by a machine rather than a human, and discards the browsing data after 10 days. Machine-driven browsers are often used to hack into users' Facebook pages, the company says.

"We can see that this browser, all it has done is hit 1,000 sites in 15 minutes, and that couldn't be a human being," Mr. Stamos said.

Belgium's privacy commission however, says the cookie isn't necessary to protect users. A spokeswoman declined to provide further details but referred instead to a research report which it commissioned that found Facebook was violating European privacy law. Facebook has disputed those conclusions.

--Natalia Drozdiak in Brussels contributed to this article

Write to Sam Schechner at sam.schechner@wsj.com

Write to Sam Schechner at sam.schechner@wsj.com

Subscribe to WSJ: http://online.wsj.com?mod=djnwires

(END) Dow Jones Newswires

October 13, 2015 12:31 ET (16:31 GMT)

Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Mar 2024 to Apr 2024

Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Apr 2023 to Apr 2024