Facebook Goes On Privacy Offensive in Europe -- Update
October 13 2015 - 12:46PM
Dow Jones News
By Sam Schechner
Facebook Inc. is gearing up to fight a cascade of privacy
investigations in Europe, arguing that regulators are overreaching
in ways that could hurt the social network's ability to protect
users against hacking and fraud.
Ahead of a court ruling due in Belgium as early as this week,
the Menlo Park, Calif., company is attacking this case against it
as an ill-thought-out attempt to regulate privacy that would
instead remove one of the tools Facebook uses to stop automated
programs from hacking into users' accounts.
The case, brought by Belgium's Privacy Commission, is the most
advanced of five coordinated Facebook investigations launched by
regulators from Germany to Spain. If it loses the case, in which
the regulator has requested fines of EUR250,000 a day, Facebook has
threatened to make Belgian users endure more identity checks when
logging into the website to guard against hacking.
Facebook's response signals a pugnacious strategy as it takes on
European data-protection watchdogs, which have since earlier this
year been probing the company's new privacy policy for potential
violations of EU law.
Facebook initially fought the idea that national regulators
other than the one in Ireland, where it has its European
headquarters, even have jurisdiction.
Now it is also taking to the bully pulpit to argue against the
impact of the cases in a region that accounts for hundreds of
millions of users and more than $3 billion in revenue for the
company in the past year.
In Germany, for instance, a regulator ordered Facebook over the
summer to allow users to use pseudonyms as opposed to real names.
Facebook has appealed the order in court, and argues that its
policy helps ensure safety and privacy by ensuring users know with
whom they are sharing information. A ruling is expected this fall,
the regulator said.
Regulators in the Netherlands, France and Spain said their
inquiries were ongoing.
"Often regulators will focus on a very, very particular issue
and lose sight of the safety issues that affect all 1.5 billion
users," Alex Stamos, Facebook's chief security officer, said about
the cases.
The European privacy cases against Facebook are the latest
display of swagger for Europe's national data protection
authorities, which have been empowered by a series of European
court decisions to take on Facebook and other big tech firms.
Last year, for instance, the European Union's Court of Justice
put national regulators in charge of enforcing a new right to be
forgotten for search engines. Just last week, the court gave them
expanded powers to suspend trans-Atlantic transfers of personal
data by companies including Facebook.
Privacy advocates say the watchdogs are leading a long-overdue
rebalancing of power between consumers and companies that reap
growing profit from their personal information. But tech executives
say a patchwork of litigation in multiple countries that could
restrict their ability to do business in Europe. A Facebook
spokeswoman warned Tuesday that higher costs may lead to new
features arriving in Europe "more slowly, or not at all."
In the Belgian case, the regulator has alleged that Facebook
collects data on the web-browsing habits of its users and of people
who aren't logging into the site or using it at all, without
sufficient explanation or permission.
In particular, the Belgian regulator says the company uses its
"like" buttons scattered across the Internet to collect
information.
Facebook acknowledges that it does collect data on users'
Internet browsing even when they're not logged in, through a
snippet of computer code called a cookie that it places within an
individual's Web browser if they have visited the Facebook.com
website. That cookie, known as a DATR cookie, reports back to
Facebook whenever that browser accesses a Web page with an active
social plug in, such as a "like" button.
But the two sides dispute whether the process is necessary for
Facebook's security. The firm says it uses the information from
that cookie only to weed out browsers being piloted by a machine
rather than a human, and discards the browsing data after 10 days.
Machine-driven browsers are often used to hack into users' Facebook
pages, the company says.
"We can see that this browser, all it has done is hit 1,000
sites in 15 minutes, and that couldn't be a human being," Mr.
Stamos said.
Belgium's privacy commission however, says the cookie isn't
necessary to protect users. A spokeswoman declined to provide
further details but referred instead to a research report which it
commissioned that found Facebook was violating European privacy
law. Facebook has disputed those conclusions.
--Natalia Drozdiak in Brussels contributed to this article
Write to Sam Schechner at sam.schechner@wsj.com
Write to Sam Schechner at sam.schechner@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires
(END) Dow Jones Newswires
October 13, 2015 12:31 ET (16:31 GMT)
Copyright (c) 2015 Dow Jones & Company, Inc.
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Mar 2024 to Apr 2024
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Apr 2023 to Apr 2024