Not many people paid attention on January 30, when Facebook’s new privacy policy took effect. But Belgium’s Commission for the Protection of Privacy noticed, and asked Facebook to explain itself. Facebook declined to engage, according to the Belgians, because Facebook’s European privacy matters fall under the jurisdiction of Irish laws, where its European operations are headquartered.
The Belgians did not take kindly to this. Last month, the Belgian Privacy Commission released a report that said “Facebook disregards European and Belgian privacy legislation in several ways.” With Facebook holding that it does not need to answer to a Belgian authority, the Commission has decided to take Facebook to court, reports De Morgen (link in Flemish). As Willem Debeuckelaere, chair of the Belgian commission told De Morgen:
“We asked them what they would do with our recommendations. They replied that they do not accept the Belgian law and the authority of the Belgian Privacy Commission, and that it all rests on a misunderstanding… For us that was the signal to go to court. The behavior of Facebook can not be tolerated. We have a subpoena last Thursday show output to Facebook Belgium, Ireland and the United States.”
At issue are two core elements of Facebook’s business. The first is Facebook’s embedding of “like” buttons and other data-gathering code on websites far and wide across the internet. As a result, Facebook is able to gather data on internet users, whether or not they are members to the social network. More importantly, this data gathering is without explicit consent, which under Belgian and European law is not permissible.
Facebook issued a long rebuttal to Belgium’s complaints, saying that “the report gets it wrong multiple times in asserting how Facebook uses information to provide our service to more than a billion people around the world.”
A Facebook spokesperson told Quartz the company was “surprised and disappointed” that despite agreeing to meet on June 19, the Commission “took the theatrical action of bringing Facebook Belgium to court on the day beforehand. Although we are confident that there is no merit to the [Belgian privacy commission’s] case, we remain happy to work with them in an effort to resolve their concerns, through a dialogue with us at Facebook Ireland and with our regulator, the Irish Data Protection Commissioner. “
That carefully worded statement is aimed at the second core element of Facebook’s, and many other tech companies’, business.
Facebook and its peers are headquartered in Ireland for its low taxes but also for its data protection regulations. European law says that if these companies adhere to local laws, they can operate unmolested across the Union. But Ireland’s data protection laws are famously more lax than those on the continent.
The dispute stems from a fundamental difference of opinion: Facebook’s refusal to engage (paywall) with Belgium is born of the belief that it should not have to answer the same questions over and over again in each country it operates in within the Union. Belgium believes that a company must not be able to break its domestic law. The result: a lawsuit.