Modern field guide to security and privacy

France attacks Facebook data tracking, opening new front in privacy battles

French data regulators have given Facebook three months to stop transferring data on French users to the US and to refrain from tracking nonusers.

|
Ruben Sprich/Reuters
Facebook's Chief Operating Officer Sheryl Sandberg attended the World Economic Forum in Davos, Switzerland, in January.

In yet another fissure between the US and Europe over digital privacy practices, French regulators ordered Facebook to curtail its online data collection practices.

The country's data protection authority, known by its French acronym CNIL, ruled this week to give Facebook three months to stop transferring data on French users to the states and to refrain from collecting information about nonusers, or else face hefty fines.

French regulators claim that the social media behemoth violates the country's data privacy laws because it tracks information on Internet users' sexual orientation, religious, and political views "without the explicit consent of account holders" and fails to inform users that it uses "cookies" – information about stores on users' browsers – to track activity on third-party pages.

The ruling is the latest blow to Facebook in Europe and comes amid a major overhaul of privacy regulations in the European Union that will affect how thousands of US companies handle Europeans' personal information.

Even though American and EU regulators agreed earlier this month on a new, more robust data privacy regime to satisfy Europeans' privacy concerns, that deal known as Privacy Shield will take months to put into place. 

In the meantime, companies such as Facebook face more uncertainty and roadblocks in their dealings with European data protection regulations. Until Privacy Shield is implemented, US tech firms must abide by the privacy policies of individual countries. 

The French ruling against Facebook "can easily happen to another American company," said Christopher Talib, campaign manager of Paris-based internet freedom watchdog La Quadrature du Net.  

"The minute they stop following the rules in France and the rights of our citizens, there is a problem," he said. "Internet users see that Like button everywhere but they never think that by clicking it, their privacy will be compromised."

The French data regulator's decision isn't the first time European countries have complained about the company's practices. Last fall, a Belgian court ruled that the company put a stop to tracking nonusers' browsing activity or face fines. In December, the company ultimately agreed to stop using Internet cookies that track nonusers' activity. 

In fact, Facebook's data collection practices in Europe were at the center of last year's court battle over the so-called Safe Harbor agreement, the transatlantic deal that outlined how American companies would safeguard European data.

The European Court of Justice eventually invalidated that deal after Austrian privacy activist Max Schrems argued that Facebook violated its terms. Essentially, he argued that Facebook couldn't keep data it moved to US servers safe from National Security Agency spying. The new Privacy Shield agreement is meant to put greater protections on Europeans' data.

Until Privacy Shield is put into action, it'll be a challenging period for US companies, since each country operates under its own legal framework, said Thomas Lanson, a security researcher at the Paris-based French Institute for International and Strategic Affairs. 

"The [US companies] needs to find a way to deal with that without altering its services," said Mr. Lanson.

French data regulators said it simply wants Facebook to give both users and nonusers notification about how the company is tracking them online – and what information it collects. "Companies should at a minimum inform users over transparency concerns," said CNIL. 

"European Internet users have rights that must be respected," the agency said. "It’s a question of confidence between the user and the internet service provider." 

In addition to France, data protection authorities in the Netherlands, Spain, and Germany are investigating Facebook’s compliance with local and European privacy legislation.

Facebook did not respond to a request for comment.

In a Financial Times interview last month, Facebook Chief Operating Officer Sheryl Sandberg said that "poorly designed regulation" would hamper innovation and stifle businesses. She encouraged regulators not to stand in the way of "progress" with burdensome privacy policies.

There are others who say that European regulators are also wielding privacy policies as a way of keeping data inside the EU, which could be a boon to the fledgling European digital economy.

"This digital revolution has created so many jobs in the US, but it's no secret that France is lagging behind in this domain," says Lanson of the Institute for International and Strategic Affairs.

American tech firms' revenues from European users goes to US companies instead of remaining in the country, at a time when the French – and European – economy is struggling. 

"This process destroys access for French companies to create advertising jobs and revenue and instead gives it to the US," he says. "Data protection is incredibly important for EU member countries for this reason."

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to France attacks Facebook data tracking, opening new front in privacy battles
Read this article in
https://www.csmonitor.com/World/Passcode/2016/0212/France-attacks-Facebook-data-tracking-opening-new-front-in-privacy-battles
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe