Facebook: EU’s ‘Right To Be Forgotten’ Will Enforce More User Tracking

Facebook believes that the ‘right to be forgotten’, one of the key parts of the European Commission’s proposed data protection laws, will actually require more tracking of individuals on the Internet, rather than be a massive boon for privacy.

The social networking behemoth has been fighting data privacy rules proposed in Brussels in January, and has taken particular interest in the ‘right to be forgotten’. It recently said the rule, which would force companies to delete customers’ data when they ask for it to be erased,  “raises many concerns with regard to the right of others to remember and to freedom of expression”.

But Facebook also believes that if customers want to have all of their data deleted from a particular site, it will require service providers, like Facebook, Google, Twitter and any other company involved in publishing data on the Web, to track customers’ activity across other websites than their own.

Right to be forgotten

“As drafted, the proposals have privacy implications,” Linda Griffin, Facebook’s policy communications manager in Europe, told TechWeekEurope.

“The obligation to delete data that has been copied to other services is something we cannot control. In order to meet such obligations it would mean that service providers would be obliged to monitor people’s activities across the Internet.

“It is practically impossible for Facebook to delete information that has been copied to other sites and also has implications on the right to freedom of expression on the Internet.”

Griffin said that Facebook had worked hard to let users delete information from the site and essentially be forgotten on facebook.com.

“Facebook does more than most to help its users control their privacy and delete their data,” she added, pointing to various Facebook services such as the  Download Your Information Tool and the “straightforward process of either deleting or deactivating your account”.

“There are a lot of myths floating around about FB which keep getting rehashed and where we haven’t done things well enough in the past we have tried to improve,” she added.

Some believe Facebook is actually misinterpreting what the Commission is proposing. Jim Killock, executive director of the Open Rights Group, said “the right to be forgotten is not about what individual users do, but how Facebook or other companies share user data, and how a user revokes permission”.

“There is a conflation in companies’ minds of the generic reuse of  published information and the commercial sharing of user data. Separate these out and you can see the root idea is common sense,” Killock told TechWeekEurope.

“That said the drafting could be improved. This is often true with legislation, and we should support Reding’s effort to improve user control of their data.”

Sharing data

One of the biggest problems privacy professionals have with social networks like Facebook and active Web 2.0 companies is that they share information with other businesses where they see fit.

Privacy and security company Steganos today released a report lambasting such businesses for their privacy policies. Steganos said numerous Internet service providers are sharing personal information without users’ permission or court orders.

It noted that Facebook’s privacy policy states it may “supply law enforcement information to help prevent or respond to fraud and other illegal activity, as well as violations of Facebook terms.” It noted similar statements, as seen in the infographic below.

Privacy nightmare?

TechWeekEurope asked Facebook whether it thought it was bringing privacy problems on itself by handing over data to third parties, but it had not responded at the time of publication.

Privacy professional Phil Booth recommended letting users tag pieces of data posted on sites like Facebook. That would mean information could be tracked down easily and retrieved without necessarily having to know where Web users have been. However, he said modifying the culture or behaviour of web companies would be better then “techno-legal fixes”.

Yesterday, TechWeekEurope exclusively revealed the extent to which the US government was lobbying European Commission officials on the issue. Sources within the commission said they were surprised at the level of interest from the US, revealing it had tried to delay the introduction of the proposed laws, which were outlined in January.

The EC sources said the Commission was standing firm and not being swayed by US lobbyists. It will keep the ‘right to be forgotten’, and is determined to stick with other controversial plans, including increasing regulators’ fining powers across member states.

Meanwhile, an Austrian privacy group is preparing a lawsuit against Facebook in Ireland – the social network’s EU base – over privacy issues. The legal charge is being led by Max Schrems, who was outraged, in 2011, when he discovered the site stored 1,200 items of personal data on him.

Are you a security expert? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • The key issue here is one of changing culture. The big companies listed above see it in their business interest to continuously 'redefine' privacy from a legal PoV through action that becomes ingrained. This is because their 'free' services are not free at all. You pay with your data. Its an implicit contract of service that many now want made explicit and privacy laws are just one way to tackle that cultural change.

    There are many ways in which users benefit in terms of service by sharing data - but the key question is - should that be implicit and hidden by these corporates? or explicit and controllable by the owner of
    that data.

    The other question is - what if there was an alternative? social media and other tools that made their contract of service explicit with their users and was completely transparent about data use? Then we'd see facebook et al having to re-think their approach.

  • Why would a consumer's request to be forgotten require that service providers "track customers' activity across other websites than their own"? What's wrong with simply honoring the request, rather than stalking consumers who have asked not to be stalked.

    • There is an even easier way to avoid being tracked - read the privacy policies of the pages you visit and don't sign up for the service that tracks you. It is all there in black and white, unless you are too lazy to take YOUR privacy into YOUR hands.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago