After U.S. internet giant Google in 2012, it is now the turn of Facebook — the world’s largest social network, with 1.4 billion users worldwide — to be placed under the microscope by EU data protection authorities.
On January 30, 2015, Facebook rolled out its new Data Use Policy and Terms of Service. The following week, several of the EU’s data protection authorities formed a task force to investigate Facebook’s privacy practices, focusing on the way Facebook combines data from its various services, notably Instagram and WhatsApp, to target advertising towards its users, and how it uses its “like” button to track user internet browsing activities.
In the Google case, the conclusions of the group of EU data protection authorities (the G29) were the results of a 7-month investigation, followed by months of negotiations with the Mountain View firm concerning the corrective measures to be implemented. As for Facebook, an announcement may coincide with the 37th International Conference of Privacy and Data Protection Commissioners, to take place in October 2015 in Amsterdam.
In the meantime, 25,000 Austrian users have filed a class action against Facebook in Vienna for alleged privacy breaches, and a recent ICRI/CIR (KU Leuven) and iMinds-SMIT (Vrije Universiteit Brussel) report commissioned by the Belgian Privacy Commission has concluded that “Facebook combines data from an increasingly wide variety of sources” and that there is a “growing variety of types of information that are obtained regarding Facebook users“, creating “a vast advertising network which uses data from inside and outside Facebook to target both users and non-users of Facebook“, who are usually unaware of how their data is used and therefore are “disempowered“.