Facebook warns against 'detailed' EU data law
26.03.13 @ 09:23
BRUSSELS - The world’s largest social media company, Facebook, says the EU draft data protection regulation should remain broad enough to create incentives for business to comply.
“To the extent that the regulation goes off to do odd things, like defining in detail technical standards that is better left to industry players, then it would create huge disincentive for the companies to comply,” said Richard Allan, Facebook’s head of public policy of Europe, Middle East and Africa, in Brussels on Monday (25 March).
The Internet giant says fixing technical details at the regulation’s outset would upset the different requirements and standards used by social networks, pharmaceutical companies or banks.
The data regulation is a major overhaul of a 1995 directive and is one of the more complex legislative initiatives being pushed through at EU level.
The European Commission says its proposal would create a more uniform application of data protection rules throughout the EU.
Member states at the moment have their set of laws that are applied differently, creating legal confusion in cases that sometime span several countries.
The regulation also introduced concepts like data ownership and the "right to be forgotten" to strengthen individuals' rights.
Breaking the rules laid out in the bill could incur fines of up to 2 percent of a company’s global turnover.
The heavily-lobbied data bill is now with the European Parliament where its rapporteur, German Green Jan Albrecht, introduced a number amendments that Facebook says will weaken the European digital single market.
“Albrecht weakened the concept of the one-stop-shop principle which in effect would be detrimental to the achievement of the European single digital market. He took away the lead role of the data protection authority,” said Erika Mann, Facebook’s managing director of policy at its Brussels office.
Data protection authorities (DPA) are currently tasked to ensure rules are applied correctly and handle complaints where the company is based.
Facebook’s main offices are in Dublin and falls under Ireland’s data protection chief, Billy Hawkes. If the complaint is filed in Germany or elsewhere in the Union, then Hawkes’ office takes the lead role in the investigation.
The commission and Facebook want this to remain the same, but with additional safeguards to ensure the regulation is applied coherently throughout the Union.
“The vast majority of data protection authorities in Europe under the existing directive are effectively working with the one-stop shop model already and finding that it works well,” said Allan.
But Albrecht’s proposal shifts some of the power of the lead authority to the country of residency where the complaint was lodged to “sufficiently guarantee a DPA’s independence” notes his report.
Some DPAs, like Germany’s data protection commissioner in Schleswig-Holstein, are more proactive in filing privacy complaints against Facebook.
Schleswig-Holstein’s commissioner in December last year ruled that Facebook’s real name policy is a violation of German and European law.
The commissioner said people should be allowed to use pseudonyms against standard Facebook practices that require a real name when opening up a new account.
A German administrative court in February overturned the commissioner’s decision. The court said Germany’s law does not apply since Facebook is headquartered in Ireland.
Albrecht’s amendment, if included in the final version of the bill, could potentially reverse such decisions and open up more legal fronts against the company.
This article was updated on 28.03.2013. The original article said Albrecht's proposal would shift the lead authority to the country of residence. In fact, the lead authority would remain in the country of the main establishment but would have a co-ordinating role with the authority in the country of residence.