Despite Changes, Facebook Still Violates EU Privacy Laws, German Officials Say

Two German privacy watchdogs are not satisfied with Facebook’s new privacy guidelines, saying that users get more duties instead of more rights, and that the social network still violates German and European privacy laws.

Facebook on Thursday is updating its Statement of Rights and Responsibilities (SRR), a document in which the relationship between users and others who interact with Facebook are described. Facebook has made some changes to the document, but the guidelines still are not to the liking of data protection authorities in Hamburg and Schleswig-Holstein.

The two German authorities criticized the changes in a press release, saying that Facebook still ignores German and European privacy laws and that the company is actually making users more responsible for privacy issues rather than taking responsibility itself. Facebook, for example, has changed the rules on tagging photos, explained Moritz Karg, spokesman of the Datenschutz und Informationsfreiheit (data privacy and information freedom) authority in Hamburg.

In the earlier version of the guidelines, Facebook noted that users should not tag or send email invitations to non-users without their consent. “To that sentence Facebook added: ‘or tag users if you know they do not wish to be tagged’,” Karg said. Facebook, not users, should be responsible for that, he noted, adding that it would not be technically difficult for Facebook to make that possible.

“Facebook knows quite well which user does not want to be tagged,” Karg said.

Furthermore, the data protection authorities want users to have more power over what happens with their personal data.

“It’s the user’s right to decide what happens to their data,” Karg said. The privacy agencies are also very skeptical about the way Facebook uses face recognition. “We are actually working on an order to change that,” Karg said, adding that if Facebook does not comply with this order, the case will probably end up in court.

Facebook agrees with the data protection authorities that the changes made to the SRR are not huge.

“Many of the proposed changes to the SRR are administrative updates (for instance, replacing references to our “Privacy Policy” with “Data Use Policy”) and others were made to make our practices and policies more clear,” Tina Kulow, spokeswomen for Facebook, said in an email. “We think these updates will help people to understand more about how Facebook works. As part of our site governance process, you have a chance to review these proposed updates and give us feedback by commenting on them before we finalize the changes,” she added, users had until 5:00 p.m. PT Thursday to suggest changes.

Facebook put the policy changes out on March 15, but they were visible only to users who were fans of the Facebook governance page. Karg was critical of the move, since only a small percentage of Facebook users are fans of the page.

According to Karg, the guidelines remain essentially the same. “I don’t believe they will change anything,” Karg said.

Facebook has been heavily criticized for years in Germany for its privacy guidelines. At the beginning of the month, a district court in Berlin ruled that Facebook’s use of user content and its Friend Finder feature violated privacy laws, and that it must change its terms of service.

According to Karg, the haggling over privacy is far from over. “This will last for a few years,” he said.

Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com