|President Obama speaks to Facebook's Mark Zuckerberg, at a dinner in Silicon Valley, March 2011|
Mark Zuckerberg, the co-founder and chief executive of Facebook, on a phone call to the White House last March, complained directly to President Obama about spying by the United States government on the activities of some of the social network's more than 1bn users. However, any half-clued in user of the service would be aware that the maze of privacy settings are designed to make it inconvenient to change them and a study published on Monday says Facebook’s new data use policy and terms of service are “in violation of European law.”
The study by academics commissioned by Belgium’s Privacy Commission says Facebook places “too much burden” on users, making it difficult to opt out of certain features and users are not provided with sufficient information about how the company uses personal data in adverts.
Monday’s study examined Facebook’s privacy settings and terms and conditions, which went into effect on January 31.
“Facebook’s revised Data Use Policy is an extension of existing practices. This nevertheless raises concerns because Facebook’s data processing capabilities have increased both horizontally and vertically,” the report said. “Both are leveraged to create a vast advertising network which uses data from inside and outside Facebook to target both users and non-users of Facebook.”
Facebook requires users to navigate a complex web of settings, including for privacy, apps, advertisements and followers while its default settings related to behavioural profiling or social ads, for example, are especially problematic, it said. Opt-outs for sponsored stories or of location data aren’t provided, it added.
The Belgian academics warn that Facebook’s ability to track users’ activity outside Facebook have risen exponentially overtime, mainly via the spread of social-plugins such as Like” buttons and through new forms of mobile tracking. It said Facebook now gathers information through these plugins regardless of whether the buttons are used.
Facebook’s ownership of Instagram and WhatsApp has also enabled it to collect more kinds of user data, which enables more detailed profiling.
The report noted that it is impossible to add information on Facebook that may not later be used for targeting advertisements.
“Any ‘like’ may become a trigger to portray a user in a ‘Sponsored Story’ or Social Ad. From the latter one can opt-out, but the only way to stop appearing in Sponsored Stories, is by stopping to ‘like’ content altogether. Users are even more disempowered because they are unaware about how exactly their data is used for advertising purposes,” the report said.
The Financial Times says that the criticism comes as the EU attempts to come up with new rules on data protection. The bloc’s current laws on the topic date back to 1995, nearly a decade before Facebook was founded.
“As a company with international headquarters in Dublin, we routinely review product and policy updates, including this one, with our regulator, the Irish Data Protection Commissioner, who oversees our compliance with the EU Data Protection Directive as implemented under Irish law,” the company said in a statement.
It added that data policies have been audited twice and Ireland’s data protection agency found them to be “best practice” in 2012 — however Ireland's public agencies have a poor track record of standing up to prominent US firms.
While the Irish data commissioner may have been impressed in 2012, in August 2013 The New York Times reported that "the company is [ ] deliberately deleting information about specific privacy controls. Instead, Facebook decided it was better to send users to various other pages, such as one on advertising, to learn more about privacy issues and how to adjust the controls.
For example, the data use policy will no longer offer a direct path to the control for opting out of your name and activities on the site being used as endorsements on ads sent to your friends.
Facebook is also doing nothing to simplify its maze of privacy settings. The company doesn’t offer clear links or explanations of the settings from its own 'Facebook and Privacy' page, and its Graph Search feature isn’t especially helpful for the task, either.
Privacy controls are still buried in at least six different menus. To plunge down the rabbit hole, click on the little lock icon next to your name in the top-left column of your news feed page. You will find privacy settings in the tabs for Privacy, Timeline and Tagging, Blocking, Followers, Apps and Ads."
In March 2014 Mark Zuckerberg rang President Obama to complain about a report that the US National Security Agency has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam.
Last week the president said that European scrutiny of companies such as Google and Facebook was driven by the “commercial interests” of the region’s tech companies who struggle to compete with better American rivals.
“We have owned the internet. Our companies have created it, expanded it, perfected it in ways that they can’t compete. And oftentimes what is portrayed as high-minded positions on issues sometimes is just designed to carve out some of their commercial interests,” Obama said in an interview with technology news site Re/Code.
The president has in the past criticised massive tax avoidance by such companies and his recent comments are seen as pandering.
“This point — that regulations are only there to shelter our companies — is out of line,” said a European Commission spokesperson. “Regulation should make it easier for non-EU companies to access the single market,” she went on. “It is in [US companies’] interest that things are enforced in a uniform manner.”