“Battle Royal” Over Internet Privacy: The View from Europe

Facebook laptop

At the Atlantic Council last week, U.S. and EU officials pledged to work together on creating a common framework to regulate data sharing and privacy protection between them. But if it is to be put into practice, such an effort will have to overcome significant challenges and differing perspectives on these issues.

One of the latest examples comes with Hamburg, Germany officials taking legal action against social networking giant Facebook. Johannes Caspar, chief of the Hamburg Data Protection Authority, states that his organization has received a number of complaints from citizens who have not signed up for Facebook, but found information about them appear on the site anyway.

Facebook “routinely imports data from the email address books of its users, to allow them to easily invite friends to join the networking site.” However Caspar argues that saving the details of third parties in this way without their consent violates German privacy laws (Facebook, which states it is reviewing the legal action, has until August 11 to issue a response).

This dispute follows a May letter from the European Commission to Facebook admonishing the company for making certain users’ personal data public, an action the Commission called “unacceptable.” Plus Hamburg authorities are taking on another technology giant: earlier in the year the city’s Data Protection office launched an investigation into Google, accusing it of surreptitiously intercepting personal data from Wifi networks. That investigation remains open.

Non-profit advocacy group Consumer Watchdog representative John Simpson points out,

There are much stronger privacy laws in Europe than here [the U.S.], where privacy is viewed as a consumer protection issue as opposed to a fundamental human right. We see that a number of Silicon Valley companies don’t really understand how seriously privacy issues are taken in Europe and they will continue to run afoul of data protection laws there. I also think there is a growing reaction in the US that we should beef up our privacy laws along the lines of those in Europe.

Facebook took another hit yesterday from Germany’s Federal Minister of Food, Agriculture, and Consumer Protection, Ilse Aigner. Aigner vowed to delete her Facebook account in protest over the site’s privacy policies, saying she failed to receive sufficient assurances from the company that her private data was secure.

“Anyone who visits a social networking site should know that it’s a business model. The service is not free. We users pay for it with our private data,” Aigner says. She continues, “Facebook boss Mark Zuckerberg has indicated that in principle, he does not want to change anything. In contrast, his firm wants to use members’ private profiles for commercial purposes.”

While the Facebook case is certainly high-profile, other European efforts regarding information sharing have caused controversy due to privacy implications. Recently the European Parliament adopted Written Declaration 29, which would require search engines to save every keystroke entered on their sites for two years. This would be an expansion of the existing EU Data Retention Directive. Search engine operators would also be mandated to turn data over to police when requested with the aim of identifying and intercepting pedophiles and other sexual predators.

While sounding good in theory, the proposal—which has not yet been signed into law—has generated staunch opposition: “critics say the data retention requirement for search engines was sneaked surreptitiously into the proposal, and that the declaration doesn’t address the problem…In short, the critics say, this commendable effort to stop sex crimes will do nothing of the sort and, instead, is a cloak for a massive assault on privacy.”

Cecilia Wikström, a Swedish Member of Parliament who withdrew her name from the declaration after initially supporting it, said signing was “a mistake” that happened simply because it was “an easy thing to do.” She said members of Parliament were “unaware” that the measure called for massive data retention when they signed the declaration.

Furthermore, Europe-based search engine Ixquick, which estimates it has about 500 million users, would have to undergo major restructuring to comply with Declaration 29. Ixquick ensures privacy by eliminating all traces of messages and other data after they are sent, and was the first company to receive Europe’s privacy seal. American-based search engines such as Google, Yahoo, and Microsoft’s Bing already track search data and would only need minimal adjustments to comply with the declaration.

There is some indication that the U.S. is moving towards establishing more stringent privacy laws, thereby bringing it more inline with European sentiments. Last month several U.S. government officials launched campaigns to develop more formalized Internet privacy legislation. Nevertheless, Tim Bajarin, President of Creative Strategies and technology analyst, writes that a “battle royal” is forming over what information should be kept private and how companies will be held accountable for maintaining customers’ privacy. As a result Silicon Valley and technology firms “may never quite be viewed in the same light again.”

Given the expansive reach of social networking programs, coming to a consensus on privacy protection in this area should be considered of high importance by the U.S. and the EU. If not, expect further legal action by other European policymakers down the road.

Scott Bleiweis is an intern with the Atlantic Council’s editorial department. He is currently pursuing a masters degree in international studies with the Korbel School of International Studies at the University of Denver. Photo credit: Alamy.

On Aug. 19, Google responded to an issue raised in this article, announcing it would increase the amount of time Germans have to remove their houses from appearing in the company’s "Street View" feature; Google admitted it intercepted personal data from WiFi networks during the Street View data collection process. The company also agreed that search data would be handled securely and deleted as soon as legally possible, addressing another German privacy concern discussed above.


Image: Facebook%20laptop.jpg