Surprise! Facebook doesn't Like the Data Protection Regulation

By EDRi · November 21, 2012

This article is also available in:
Deutsch: [Überraschung: Facebook hält nichts von der geplanten Datenschutzverordnung |]

Facebook has recently issued a 40-page lobbying paper with the company’s
position on the proposed European data protection regulation, opposing
several of its provisions. “The new legislative framework should focus
on encouraging best practice by companies like Facebook rather than on
setting out detailed technical rules that will not stand the test of
time and may be frustrating and costly for both service providers and
users,” says the paper on its first page.

The document was not made public by Facebook, but was obtained by the
Europe vs. Facebook group via a FoI request to the Irish DPA.

Facebook opposes a cooperation between the European Data Protection
Authorities (DPAs) in enforcing the law, preferring to be subject only
to the Irish DPA ruling – which seems to be a more business oriented
office, using an euphemism. The EU wants to have more cooperation, so
that single member states, such as Ireland and UK, cannot undermine the
EU data protection level.

What else does Facebook oppose to? It opposes the explicit consent by
users, the “privacy by default”, the “right to be forgotten” as well as
the 18 age limit for consent to data processing, being in favour of the
age of 13. It also opposes to the provision that users can insist for
the removal of the information that others post about them, as well as
to the provisions regarding data breach notifications. “…even the
most minor breaches must be reported to the DPA.”

The company is strictly opposing the heavy fines for breaching data
protection laws, arguing that these may lead to less data protection
because of less cooperation with the authorities, and more cost for the
state, adding: “Facebook is concerned that the magnitude of potential
fines will create a disincentive for innovation and associated job
creation among internet service companies. This could be a major blow
for the European Union given that the Internet sector is widely
recognized as the major driver of job creation and growth in an
otherwise moribund economic environment.”

And, of course, Facebook also wants an easier data transfer of data out
of the EU/EEA countries.

It is surprising though that Facebook did not ask for the principles of
the “privacy is dead” doctrine to be included in the new data protection

Facebook’s views on the proposed data protection regulation (summary by (30.03.2012)

FOI Response:Facebook’s Lobbying Papers and Irish Position on new EU
Data Protection Regulation (17.11.2012)