This article is more than 1 year old

Irony isn't dead... Facebook sues EU on data privacy grounds for requesting too much personal data

'Exceptionally broad' demands reveal too much about our staff!

American tech giants have enjoyed a reversal of their EU legal fortunes over the past fortnight as Euro nation courts issued rulings in their favor – and now Facebook has even sued the European Union itself, alleging the political bloc’s agencies broke their own data protection rules.

Facebook filed a lawsuit against EU competition regulators on Monday alleging that enforcers were improperly seeking access to sensitive employee personal data.

The anti social media network said in a statement to financial newswire Reuters that EU regulators had made “exceptionally broad” demands for documents during an antitrust investigation into Facebook’s online marketplace.


Judge green-lights Facebook, WhatsApp hacking lawsuit against spyware biz NSO, unleashing Zuck's lawyers


Facebook assistant general counsel Tim Lamb was quoted as saying, apparently with a straight face: “The exceptionally broad nature of the Commission’s requests means we would be required to turn over predominantly irrelevant documents that have nothing to do with the Commission’s investigations, including highly sensitive personal information such as employees’ medical information, personal financial documents, and private information about family members of employees.”

Notwithstanding Facebook's business model of encouraging the world's citizens to upload such details about themselves to Facebook's services for the company to monetise, the suit has been filed in the EU General Court in Luxembourg. It includes demands for the court to halt further EU regulatory data demands against Facebook until further notice. An EU Commission spokesman said it would defend the lawsuit.

Facebook also told the newswire that EU agents had demanded copies of any internal Facebook document containing phrases such as “not good for us”, “big question” and “shut down”, among 2,500 others.

The mere existence of the case is troubling for Brussels, which sees itself as a global centre for data protection and enforcement. For a US tech firm, no less, to try and enforce EU rules against the bloc itself is a significant political statement – though it seems unlikely the suit will be pursued all the way to a formal judgment.

Some you win...

Separately, in Germany Google won a lawsuit over the EU right to be forgotten (RTBF) after refusing to delete search results about a charity director who called in sick while his organisation got into financial difficulties.

A second RTBF case was referred by the German jurists up to the EU Court of Justice for a separate ruling. Two financial services company directors wanted negative search results about their business model deleted, a case that sounds superficially similar to one brought in the UK two years ago.

... and some you lose

Unfortunately for the search adtech company, a Belgian court fined it 600,000 euros (£540,000) earlier this month for refusing to delete links to news stories about someone who “plays a role in Belgian public life,” and who was accused of harassment around a decade ago, as Bloomberg reported in mid-July.

The RTBF does not apply outside the bloc’s borders, as its top court ruled last year. It has occasionally proved troublesome for Google, as in the case of the nameless man demanding Google delete blog posts about his criminal past while refusing to identify himself. “ABC”, as judges named him, continues to pursue his case through the English Court of Appeal to the current day. ®

More about


Send us news

Other stories you might like