Today the social media giant Facebook is in the dock in Vienna facing a class-action lawsuit for the alleged violation of European privacy laws.
Some 25,000 users, including 900 from the UK, claim that privacy laws are breached in the way Facebook collects and uses data. The class-action suit claims that the way in which Facebook monitors the use of the site’s ‘like’ buttons is also in violation of privacy laws.
The case, which is being directly brought against Facebook’s European headquarters in Dublin, is being led by Austrian data protection campaigner Max Schrems. Mr Schrems, a lawyer on a self-proclaimed mission to curtail mass surveillance by social networking sites, also alleges that Facebook colluded with Prism, a surveillance system launched by the US National Security Agency in 2007.
A central part of the case focuses upon how businesses develop products that comply with US laws but are not subsequently adapted to meet the laws and regulations of other countries and regions, specifically in this instance those of Europe.
Mr Schrems told the BBC:
“It is not an epic fight with Facebook but more of a general question of where we are going and if we respect our fundamental rights in Europe”.
“Right now I have the feeling that we love to point the finger at the US in Europe, and say they are not respecting our privacy. But the reality is that we don’t really do anything about it – we complain, then go home and drink beer.”
Mr Schrems is demanding €500 ($667, £396) in damages for each of the 25,000 users.
This isn’t his first post…
This is not the first run-in Mr Schrems has had with Facebook. In 2011, he forced them to reveal all the information it was holding on him. Upon discovering information that he thought had been deleted or which he had not consented to being shared he lodged a complaint with the Irish Information Commissioner.
The case was referred to the European Court of Justice and resulted in Facebook restricting the use of its facial recognition software and made it easier for users to access the data Facebook held on them.
As they say in the press, the case continues. Facebook is yet to comment, but it’s safe to say, they probably don’t like it too much.
Europe has some of the most stringent data protection laws in the world. If you’re responsible for information security and data protection in your organisation then we’d advise you to read IT Governance: An International Guide to Data Security and ISO27001/ISO27002. It provides a global overview of information security laws and offers advice on adhering to them by implementing an information management system (ISMS) aligned to the ISO 27001 standard.