New EU Privacy Laws Could Hit Facebook

Technologies such as social networking, RFID, and even airport scanning have raced ahead of Europe's outdated data protection rules. Brussels aims to fix that

By Leigh Phillips

Two weeks ago, Mark Zuckerberg, the founder of social networking site Facebook told the world to just get over it—no one cares about privacy anymore—provoking a storm of protest across cyberspace.

On Thursday (28 January), the European Commission responded to the 24-year-old billionaire and announced plans for comprehensive new laws that have in their sights the massively popular website.

The commission is concerned that its existing rules on data protection date back to 1995, the very early days of what was at the time called the "information superhighway" and are extraordinarily out of date. Brussels is not just worried that the internet has sped ahead of its regulatory grasp, but also that many technologies, in particular Radio Frequency Identification (RFID), behavioural advertising and even airport security devices have proceeded apace, leaving EU legislation in the lurch.

The commission on Thursday, also the continent's official Data Protection Day, "warned that data protection rules must be updated to keep abreast of technological change to ensure the right to privacy."

Underscoring its new powers under the Lisbon Treaty and the legal basis given to the Charter of Fundamental Rights, the commission said it wants to create "a clear, modern set of rules" guaranteeing a high level of personal data protection and privacy.

Earlier legislation was also limited in that it was restricted to issues concerning the European Community—the so-called first pillar of the EU, but not foreign policy or policing and judicial affairs—the second and third pillars.

Mentioning Facebook, Myspace (NWS) and Twitter by name, EU Justice Commissioner Viviane Reding said she will start this year with a revision of the 1995 Data Protection Directive, in a speech that outlined the main principles and goals of her upcoming work as Europe's top fundamental rights watchdog. It is clear that privacy issues are at the forefront of her ambitions.

"Innovation is important in today's society but should not go at the expense of people's fundamental right to privacy," she said.

"Whether we want it or not, almost every day we share personal data about ourselves. These data are collected, processed and then stored out of our sight. By booking a flight ticket, transferring money, applying for a job or just using the Internet we are exposing our private lives to others. Sometimes it is necessary," she continued. "Data are being collected without our consent and often without our knowledge. This is where European law comes in."

She said that people should have the right "to say no…whenever they want."

The commissioner is frustrated that companies are tackling privacy issues—or, more commonly being forced to tackle privacy issues—only after a product or service has been developed.

"We need a change of approach: Businesses must use their power of innovation to improve the protection of privacy and personal data from the very beginning of the development cycle," she said.

Ms Reding finished by saying that Europe must set the global agenda in terms of privacy protection.

The commissioner also warned that body scanners at airports have not escaped her gaze. "I am convinced that body scanners have a considerable privacy-invasive potential. Their usefulness is still to be proven. Their impact on health has not yet been fully assessed. Therefore I cannot imagine this privacy-intrusive technique being imposed on us without full consideration of its impact."

The forceful speech comes just two weeks after Facebook's CEO made his own speech at the Consumer Electronics Show in Las Vegas, which has been widely interpreted as announcing "the end of privacy."

"People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that's evolved over time," Mr Zuckerberg said in a speech on 11 January, referring to the company's recent privacy policy change that made user's main information accessible by default. He described these changes as merely reflecting "current social norms" wherein young people have a much more relaxed attitude to privacy.

Across the Atlantic on Wednesday, Canada's privacy commissioner also announced a fresh investigation of Facebook after receiving complaints about the company's new privacy policy.

Source: Business Week