Facebook accused of massive EU data law breach

A law student from Vienna claims Facebook is committing multiple breaches of European data protection laws - and he found out from the evidence that the social network itself provided him with.

Max Schrems, a 24-year-old law student from Vienna, exercised his legal right to obtain a CD of all information that Facebook held on him - something we showed readers how to do in an earlier article.

By examining the personalised CD he got from Facebook, Schrems discovered swathes of information about him that was not included in on the disc - and filed 22 complaints to the Data Protection Commissioner in Ireland, where Facebook's European operation is based, and created a website Europe vs Facebook, to highlight the problem and urge other fellow EU citizens to find out what data the social network is holding on them.

Key among Schrems' complaints is the fact that Facebook uses its 'Like' button to collect details about users' browsing habits. As thinq_ revealed back in November 2010, a cookie is planted on the user's machine every time they visit a page containing the 'Like' button - even if they don't click on it.

Facebook then uses another cookie to associate that page with all the other pages containing 'Like' buttons that the user has visited within the previous three months. For Facebook users, this data is then linked back to their profile - but the CD Max Schrems received contained no such data.

In a reply to Schrems' concerns, Facebook noted that certain information is exempted from a so-called subject access request under the Irish Data Protection Acts 1988 and 2003 if "disclosures in response would adversely affect trade secrets or intellectual property".

Is Facebook claiming that its user-tracking technology is a trade secret? And if so - why?

Let us know your thoughts in the comments below.

See the video below for an interview with Schrems on his fight with Facebook (English subtitles available):