E.U. Regulators Criticize Facebook’s Privacy Practices

Advisors to the European Commission have sent a letter to Facebook arguing its default privacy settings do not sufficiently protect the privacy of its users.

The Article 29 working party, a group of data protection officials that advises the European Commission, argued that default settings on the social network should limit access to users’ profile information and information about their connections on the site to user-selected contacts only. In other words the availability of any data to third parties – such as search engines, for example – should be “an explicit choice of the user.”

Facebook’s privacy settings currently share user data with search engines and others on the network by default, including users’ names, profile pictures, contacts, and items users make have “liked,” either on the network itself or on third party sites that have implemented the “Like” buttons. The Commission argues that users should be required to opt in to having such information made public.

The correspondence also clarifies European law with regards to use of data of third persons contained in users’ profiles, stating “it would be a breach of data protection law if [social networking sites] use personal data of other individuals contained in a user profile for commercial purposes if these other individuals have not given their free and unambiguous consent.” Essentially, that suggests Facebook must not use information about users’ friends on the site for any commercial purposes. In the U.S., brands such as Levi’s appear to be making use of such functionality already.

Finally, the letter also questions current levels of user control over sharing data with third-party applications on the site, and states users should have “a maximum” of control about which profile data can be accessed by a third party application on a case-by-case basis.

Related reading