Facebook isn’t known for respecting the privacy or rights of its users, this is nothing new, but it looks like Zuckerberg may have to anticipate a kick in the teeth.
That would be courtesy of European Data Protection, forcing Facebook to become a little more transparent over how much it holds on individuals.
Many people probably think that Facebook is immune from having to abide by the EU data laws. After all, isn’t it a company based in California – and therefore outside the scope of the EU?
At the very top of Facebook’s Terms: “Company Information: The website under www.facebook.com and the services on these pages are being offered to you by:
Facebook Ireland Limited
5-7 Hanover Quay,
And from Section 18 of the Terms: “If you are a resident of or have your principal place of business in the US or Canada, this Statement is an agreement between you and Facebook, Inc. Otherwise, this Statement is an agreement between you and Facebook Ireland Limited. References to “us,” “we,” and “our” mean either Facebook, Inc. or Facebook Ireland Limited, as appropriate.”
According to this, take ‘Facebook’ as meaning ‘Facebook Ireland Limited’. If you’re outside of the US and Canada, you’re signed up with the company in Ireland instead of the US. Facebook has kindly made the language nice and clear so that you can be in no doubt about who you’re dealing with and where in the world.
Setting up shop in Ireland means that Facebook is an entity within the EU and, contrary to popular belief, it doesn’t have the option of picking and choosing which laws to abide by, European or US, or what rights it should grant the consumer.
Data protection in Ireland does some of that for it. Being based in Dublin means that Facebook is just as accountable as any other company there would be when it comes handling your information, even if your data is handed over to and used in the US.
Just because it started in California it certainly doesn’t mean Zuckerberg’s immune from the laws in Europe.
So what does this mean for you? Section 4 of the Data Protection Act is a notable point to emerge from its move across the pond. It states that you have a right to access all of the data a company is holding on you. Irish regulations allow the company to charge a maximum fee of €6.35 and the request must be filled by them within 40 days in order to comply with the act.
Ever wanted to know exactly what Facebook has on you? Here’s the link to the data request form hidden within the depths of the help centre.
You will have to scan and upload a copy of your ID to prove you are who you say you are and it probably wouldn’t hurt to throw in a quote from the relevant Data Protection Act (section 4 of the DPA or Article 12 of EU Directive 95/46/EG) to get things moving along.
According to website ‘Europe vs Facebook’ expect to have to send a few requests, maybe a couple of emails and perhaps even throw a little complaint towards the data commissioner before it gets around to complying.
The information will be sent to you on a CD as a PDF. Normally over 1,000 pages long and containing information you probably believed you had long since deleted, and perhaps even forgot about completely, the data you are requesting by filling out the form really is everything, or at least should be everything. All information attached to photographs, all phone numbers including from where you’ve synced your phone and tags.
Even private messages, allegedly including those which have been deleted and potentially contain some very private information, likes, status updates, notifications, all of it.
If you request it, they have to send it.