Facebookâs privacy policy violates European law, according to a study commissioned by the Belgian privacy commission, and released today, The Guardian reports.
Conducted by the Centre of Interdisciplinary Law and ICT at the University of Leuven, the report says the social networkâs updated policies, which came into effect last month, only expanded previous policy and practices, and violate European consumer protection law.
The authors argue that Facebookâs policies on profiling for third-party advertising do not âmeet the requirements for legally valid consentâ and that it âfails to offer adequate control mechanismsâ to prevent user-generated content being used for commercial purposes.
The report says: âFacebook places too much burden on its users. [They] are expected to navigate Facebookâs complex web of settings in search of possible opt-outs. Facebookâs default settings related to behavioural profiling or Social Ads, for example are particularly problematic.â
The đ of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
It goes on to note that there is no way to stop the social network from collecting your location information via its smartphone apps other than switching off location access at the OS level.
No choice
The authors write: âUsers are offered no choice whatsoever with regard to their appearance in âsponsored storiesâ or the sharing of location data.â They also say that Facebook does not provide âadequate informationâ to allow users to make informed choices when options are available.
The report concludes that the collection and use of information described in Facebookâs policies does not comply with Article 5(3) of the EU e-Privacy Directive, which requires informed prior consent before storing or accessing information of your device.
Facebook is reported to have met with Belgian privacy minister, Bart Tommelein, to discuss the report and argued that its policy does not break Belgian data protection laws.
The company is also under investigation by the Dutch data protection authority as well as being subject to a probe by the Article 29 working party, which is comprised of data regulators from across Europe, including the UKâs Information Commissioner.
Late last year, the UK parliamentâs Science and Technology Committee argued that social media sites should be required to drastically simplify their terms and conditions.
Weâve contacted Facebook for a comment on the report and will update this story if it has anything public to say on the matter.
Update: Facebook sent us the following statement:
âWe recently updated our terms and policies to make them more clear and concise, to reflect new product features and to highlight how weâre expanding peopleâs control over advertising. Weâre confident the updates comply with applicable laws. As a company with international headquarters in Dublin, we routinely review product and policy updates  including this one  with our regulator, the Irish Data Protection Commissioner, who oversees our compliance with the EU Data Protection Directive as implemented under Irish law.â
TNW understands that Facebook was recently subject to two audits of its data protection policies by the Irish Data Protection Commissioner (IDPC) and found to be in compliance with EU law. Weâve contacted the IDPC for further details on the auditing process.
Update 2: The IDPC says it conducted its last audit of Facebookâs data protection policies in 2012. You can read it here.
†From social media service to advertising network [PDF via The Guardian]
Get the TNW newsletter
Get the most important tech news in your inbox each week.