Slashdot Mirror

← Back to Stories (view on slashdot.org)

France Launches Second Salvo Against Facebook (liberation.fr)

Posted by timothy on from the destroyers-vs-creators dept.

Eunuchswear writes: After Mondays decision by the French CNIL (National Center for Computers and Freedom) that Facebook must stop tracking non-users, the DGCCRF (General Direction for Competition, Consumption and Repression of Fraud), has ruled that Facebooks terms of use are abusive and must be changed within 60 days." The linked story is in French, but for those of us who don't speak the language, Google translate works. Here's the DGCCRF's Facebook page.

4 of 84 comments (clear)

  1. Re:how about other third-party tracking? by Opportunist · · Score: 4, Insightful

    Probably mostly that politicians can't see cookies as easily as they can see FB.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. You have to start somewhere by Anonymous Coward · · Score: 5, Insightful

    We all know that there are many, many trackers on the web; many of them are not visible to end users *at all*. But you have to start somewhere. Besides, Facebook has way more data than any of them because not only can they assign a unique ID to you and make inferences based on your browsing habits, they know exactly who you are, your name, who your friends and enemies are, your politics, sexual preferences... basically everything. Even if you don't have an account they've got this data because your friends tag you in photos.

    Furthermore, Facebook gives you privacy settings, but how they behave are less than obvious... your pictures can be found by anybody with the link, for example. Facebook reserves the right to change your privacy settings without notifying you first. This is clearly illegal in Europe: just because there is a EULA does not mean that visitors waive their rights under European law.

    Most importantly, to me anyway, is that in Europe you can request that firms delete data that they have on you. Facebook does not do this. They simply flag an account as "deleted", but they keep it. Try it yourself if you dare: delete your account, wait a couple of weeks, and create a new one. Without doing anything, all of your old "friends" will pop up in the friend suggestions... because they already know who they are.

    I had a FB profile for a couple of weeks in 2008 or so, and "deleted" it. I regret that deeply because I have no way of actually deleting it and I know that FB is quietly and automatically collating everything it can on me. I'm Belgian, so at least they can't set their tracking cookie any more, but the issue is still not redressed. I really am grateful to France for fighting the good fight on this one.

    1. Re:You have to start somewhere by Applehu+Akbar · · Score: 4, Insightful

      How about we start with "Fuck off France"?

      It's really interesting, the levels to which Europe is currently trying to impose their laws on the rest of the world. Who do they think they are, imposing their laws on everyone, the U.S. or something?

      European police agencies are in an arms race with the US in global law enforcement. It's regrettable that Thailand has underage prostitutes, but that is Thailand's problem. Where in the Constitution does it say that this justifies having the FBI police Asian countries?

  3. Re:how about other third-party tracking? by Anonymous Coward · · Score: 5, Insightful

    The problem is that Facebook holds personally identifiable information, which is a breach of the European Data Protection Directive.

    In Europe you cannot as a company hold identifying personal data on an individual unless you have legitimate reason to do so, reasons include things such as:

    - They have given their permission for you to have the data

    - You're working under a law enforcement or similar exemption

    - You're being contracted to process the data on behalf of a company that has been given permission (but you cannot do anything other than process it as contracted - i.e. you cannot sell it on or use it yourself)

    So if someone has signed up to Facebook, they've given permission for it to hold personal information. But if they have never signed up, and say, someone tags them in a photo with their name, then Facebook is breaking the law (other people cannot give consent for a company to hold your personal information). The problem is that Facebook links all this together with tracking, and so builds a whole personal profile on people it has no legal basis to do so.

    It's possible that other ad companies also infringe too, but whether they get this treatment depends on whether an explicit complaint has been made. Most companies however are really just identifying a computer or browser, and whilst some jurisdictions class this in itself as personal data not all do, if France doesn't then it's easy to see why simple cookie tracking doesn't fall under the same laws as tracking people and trying to associate it with clearly identifiable information such as pictures of people, who they know, and so forth. The problem for Facebook is that they're intent on collecting not merely anonymised identifying data, but non-anonymised identifying data. Most ad networks don't really care what your name is, just what you are likely to want to buy. Facebook wants your name, address, telephone number, list of friends and family, and pictures of every moment of your life.

    The point of these data protection laws is that people should be able to have a choice to have no association with a company, to have a choice for companies not to hold data on them, and Facebook is clearly ignoring that choice - it's trying to gather data and build profiles on everyone, including people who don't want Facebook to have a profile on them.

    Which isn't to say I'm defending the likes of Doubleclick and Google, frankly I hate all tracking and think that the anonymised data used by ad networks isn't and can't ever be anonymised enough such that it should be any more legal without consent. But as it stands this is an evolving area of law in most countries and there's non consistency on whether anonymised (no matter how poorly) data is personal data or not.

    I also think it's worth bearing in mind that companies like Facebook are inevitably going to come under more scrutiny because of their tax situations. They use the argument for avoiding corporation tax that they're probably not technically breaking the law because the loopholes they use are in a grey area and aren't explicitly banned. Given that it's not really surprising that authorities decide that if they want to play that game that maybe it's time to examine where they technically are breaking the law and start to enforce it a bit more anally too.

    Companies like Facebook can't really complain about having the law enforced against them when they like to make such a fuss about how they're not breaking the law when it comes to things like tax. They really can't have it both ways - expect the law to be treated explicitly when it suits them in exploiting a loophole, but not expect it to be treated explicitly arguing over-reach when they're actually in breach of it elsewhere. Either you have a view that the law should be treated explicitly as written in which case they really need to accept their guilt here and do the necessary, or you believe that the law can't ever cover every edge case and believe there should be some leeway allowing people to foll