Facebook on Collision Course with New EU Privacy Laws

Article excerpt

Proposed EU laws on Internet privacy will target a critical money- maker for Internet companies such as Facebook: their wealth of personal data on users.

With its initial public offering this week, Facebook is roaring ahead. However, new European Union privacy regulations are taking aim at Internet companies' ability to profit through control of personal information - the key to their tremendous online advertising profits.

Now in its eighth year, social networking website Facebook is set to become the hottest ticker on Wall Street - and it's not hard to see why. With 800 million users worldwide and $3.71 billion in sales in 2011, the company's IPO is expected to raise between $50 billion and $100 billion on the open market.

But with a business model built on leveraging user data to sell targeted advertising, Facebook, Google, and other Internet companies are on a collision course with EU demands that its citizens' right to privacy be respected. The EU regulations pit two Internet philosophies against each other: 1) that more regulation is needed in order to protect unwitting users, 2) that more regulation will encourage overactive censorship.

Giving users more control

On Jan. 25, EU Justice Commissioner Viviane Reding unveiled a wide-ranging data protection program that aims to regulate all companies doing business online in the EU, not just those based there. The data protection laws, which will take about a year to be enacted, will be uniform across all 27 member states.

"Companies must understand that if they want access to 500 million consumers in the EU, then they have to comply. This is not an option," says Matthew Newman, spokesperson for the justice commissioner.

The proposal prescribes fines of up to EUR 1 million ($1.3 million) or 2 percent of annual revenue, includes a "right to be forgotten" that allows users to permanently delete their data, and allows users easier access to their data and easier migration of it to other services. Additionally, companies wishing to do business in the EU will need a representative based there.

"The principle behind [the right to be forgotten] is quite simple: it's your data, you're in control of it and you get to decided what is done with it," says Mr. Newman.

Jeffrey Rosen, legal commentator and law professor at George Washington University, says he supports tougher privacy regulations, but called the EU's "right to be forgotten" a "legal minefield."

Mr. Rosen says the regulations will create a dramatic clash between the right to freedom of expression and the right to privacy, arguing that under the proposal, websites like Facebook will be obliged to not only to delete on request material that users upload, such as photos, but any shared copies of photos - and potentially even material uploaded by third parties that another user objects to.

The new rules will bring Europe and the United States' different privacy norms face to face.

"There are hugely different cultures. Europe tends to trust the state and not private companies and in America it's the reverse. There's also a difference of tradition between dignity and liberty," Rosen says. "There is potential for radical disruption of the way users experience the Internet in the EU. This would transform Facebook and Google into censors-in-chief."

The question of privacy vs. openness hits at the heart of a major commercial issue in the Web 2.0 world, where personal data is traded for free access to online services.

As part of the company's IPO announcement, Facebook founder and CEO Mark Zuckerberg sent a letter to shareholders, saying, "Facebook was not originally created to be a company. It was built to accomplish a social mission - to make the world more open and connected."

The Wild West of online data

Users of online services need to be more aware of what data is collected and how it is used, says Kieron O'Hara, a philosopher working at the University of Southampton's school of computer science in Britain. …