Facebook Sued In Belgium For Social Plug-in Tracking, EU Passes Stricter Privacy Law
Who has jurisdiction to regulate global internet companies at center of action.
Just like Google, Facebook faces a wave of investigations and potential sanctions across Europe for its privacy policies. A series of Belgian privacy watchdog-sponsored reports have been harshly critical of Facebook’s policies and alleged lack of transparency to end users.
Now the Belgian privacy authority has filed suit against Facebook. The action is directed at the alleged practice of cookie-based tracking of non-Facebook European users on third party sites through social buttons or plug-ins. However this is only one of several complaints against the company leveled by privacy regulators across Europe.
The purpose of the litigation appears two-fold: to establish jurisdiction over Facebook in Belgium and to create negotiating leverage for regulators there. Apparently Facebook has not been satisfactorily cooperative with Belgian regulators according to multiple sources.
Facebook, whose European operations are based in Ireland, takes the position that the Irish Data Protection Commissioner has jurisdiction over the company and its policies. Obviously the Belgians and other EU-member privacy regulators disagree. And this action (among others) is partly about who gets to influence or set policy and regulate global internet companies.
Indeed, there are multiple levels of intrigue, law and politics on display in Belgium.
First there’s the question of whether the specific cookie-based “tracking” of non-Facebook users actually violates European privacy laws. Then there’s the regulatory power play and “realpolitik” dimension of trying to exact negotiating concessions from Facebook through use of the courts. Finally there’s the more important, larger jurisdictional question of who gets to set policy across the EU with its 28 member countries.
This issue most recently came up in the context of the Right to Be Forgotten, with French authorities demanding that Google de-index content not just in Europe but across all Google sites globally.
Against the backdrop of the Belgian lawsuit and the country jurisdiction debate, EU member states have agreed to a new draft data-protection law that would create uniform rules across Europe, which are desired by internet companies. But it also creates more stringent privacy regulations, which are not desired by most US internet companies.
The new rules, according to the Wall Street Journal, place much stricter limits on the use of data and consumer profiling. If formally adopted, the law would go into effect next year with a compliance grace period.