EU claims Facebook's privacy policy is so obtuse it's illegal

There are many things that Facebook finds itself accused of on a regular basis: unfairness to different groups, censorship of content, insensitivity, and endless problems surrounding its attitude to privacy and handling of user data. It seems that concerns about privacy were well-founded, as a new report finds that the social network violated European law. Analysis carried out by the Belgian Privacy Commission and ICRI/CIR says that Facebook breaks the law in Europe in a number of ways, including by placing too many expectations on users to be able to change settings for themselves.

Facebook is also accused of failing to give people the ability to opt out of certain privacy-invading features. Back in January, Facebook made some changes to its privacy policies and also introduced simplified documentation. The report found that rather than cleaning up its act, Facebook merely highlighted some of its old, existing practices. The social network is criticized for its "complex web of settings", for failing to explain what is meant when users are told that their data will be used "for advertising purposes", and for not allowing people to opt out of Sponsored Stories and location sharing.

The report also poses an important question: "What are the precise implications of Facebook's extensive data gathering through third-party websites, mobile applications, as well as recently acquired companies such as WhatsApp and Instagram?" Facebook's Statement of Rights and Responsibilities stands accused of failing to comply with the Unfair Contract Terms Directive. The report's authors say:

We argue that the collection or use of device information envisaged by the 2015 data use policy does not comply with the requirements of article 5(3) of the EU e-Privacy Directive, which requires free and informed prior consent before storing or accessing information on an individual's device.

While Facebook may argue that users have given consent for their data to be used in a variety of ways, the report disagrees:

To be valid, consent must be "freely given", "specific", "informed" and "unambiguous". Given the limited information Facebook provides and the absence of meaningful choice with regard to certain processing operations, it is highly questionable whether Facebook’s current approach satisfies these requirements.

While users are able to opt out of some features, such as the use of personal data in advertisements, the fact that they did not actively opt in means that legally valid consent has not been given. Facebook is also criticized for the inclusion of unfair terms which violate European consumer protection law, and for abusing user data.

In response to the report, a Facebook spokesperson said:

We recently updated our terms and policies to make them more clear and concise, to reflect new product features and to highlight how we're expanding people's control over advertising. We’re confident the updates comply with applicable laws. As a company with international headquarters in Dublin, we routinely review product and policy updates - including this one - with our regulator, the Irish Data Protection Commissioner, who oversees our compliance with the EU Data Protection Directive as implemented under Irish law.
