This article is more than 1 year old

Facebook privacy policy violates European law, says report

Default settings for behavioural profiling remain problematic

Facebook's privacy policy is in breach of European law, a report commissioned by the Belgian Data Protection Authority concluded on Monday.

"Facebook’s opt-out system for advertising does not meet the requirements for legally valid consent," said the report by the Centre of Interdisciplinary Law and ICT and Intellectual Property Rights at the University of Leuven, Belgium.

Its policies contain a number of provisions which do not comply with the Unfair Contract Terms Directive, said the report. "These violations were already present in 2013, and they are set to persist in 2015," it said.

The report added that opt-outs for "sponsored stories” or collection of location data are "simply not provided".

One of the recommendations is for Facebook to offer granular in-app settings for sharing of location data, with all parameters turned off by default.

Facebook's current default settings for behavioural profiling and advertising remain problematic, the report added.

The authors also noted the site's ability to monitor and track users’ activities outside Facebook "has increased exponentially".

On Wednesday Facebook representatives met with Belgian privacy minister, Bart Tommelein, in an attempt by the company to persuade him that its privacy policy is not in breach of the Belgian Data Protection Act.

The company is already being investigated by the DPA after it unveiled plans to overhaul its new privacy policy in November.

A Facebook spokesman said: "We recently updated our terms and policies to make them clearer and more concise, to reflect new product features and to highlight how we're expanding people's control over advertising."

"We’re confident the updates comply with applicable laws," the spokesman added, and "as a company with international headquarters in Dublin, we routinely review product and policy updates, including this one with our regulator, the Irish Data Protection Commissioner, who oversees our compliance with the EU Data Protection Directive as implemented under Irish law." ®

More about


Send us news

Other stories you might like