Business Law & Compliance

Facebook: Make sure your privacy policies are watertight

3 min read

07 April 2015

A report just published by the Belgian data protection agency on Facebook’s privacy policies could have serious implications for any businesses using targeted advertising via this social platform and, more generally, for the use and collection of personal data for marketing purposes.

The study is heavily critical of Facebook, alleging that its use of tracking browser activity, opaque terms and conditions and privacy policies and failure to comply with user opt-outs represent serious breaches of EU e-Privacy and consumer protection law.

Some of the report’s most shocking claims are that Facebook tracks browser activity even if the user is not logged in to Facebook and even if they have specifically sought to block Facebook’s data collection by registering with third party cookie blocking sites such as European Digital Advertising Alliance. That is, Facebook gathers data for advertising purposes from people who do not use Facebook directly and are not subscribers to the service.
  
The report claims that “…Facebook tracks its users for advertising purposes across non-Facebook websites by default, ie unless users take steps to opt-out. Even if the user takes the additional step to opt-out, he or she will still be tracked by Facebook using cookies, but Facebook *promises* it won’t use the information for ad targeting purposes.”   

Read more about Facebook:

If the report is accurate, this is a major issue for Facebook and other social media platforms who operate in a similar way: it could lead to legal proceedings. Facebook is already facing action in Europe in respect of material allegedly passed by Facebook’s European headquarters (in Dublin) to US security agencies. These revelations will add further pressure to the already tense  relations between the US and the EU over data privacy which are threatening the Safe Harbour framework which is the fundamental basis of transfers of data from the EEA to the US.  

It’s likely to also lead to an acceleration of proposed EU legislation that will increase the reach of EU privacy law to cover the EEA-based activities of US entities such as Facebook, and introduce much more stringent regulations about how organisations can use data gathered from users for advertising purposes

If you are a business that uses personal data for marketing purposes, not just via Facebook but via other social media platforms, or an application developer linked to Facebook, now is the time to start reviewing how you gather that data and whether you too could fall foul.   

Take the time now to have a top-down review of your processes and compliance, including how you obtain consent. You need to make sure your existing data protection policies are not breaching any EU legislation. These are very troubling claims and this is an area that will only continue to come under scrutiny, so don’t shut the gate after the horse has bolted.

Susan Hall is a partner and data protection specialist with the law firm Clarke Willmott LLP.

Image source