Back in November, a Belgian court ruled that Facebook should stop tracking Belgians who are not signed up to the site or pay a daily penalty of €250,000. This ruling, unfortunately, was overruled on appeal at the start of this month. Not, it should be noted, because Facebook is justified in tracking people who are not logged in or have never sighed up to their site, but because:
Belgian courts don’t have international jurisdiction over Facebook Ireland, where the data concerning Europe is processed.
The issue here is one of jurisdiction, not principle. The data protection and privacy laws invoked in this case exist at the EU level, they have not been challenged and the only question is who gets to enforce them. Since Facebook’s European operations are based in Dublin, that would be the Irish.
A little poking around online led me to europe-v-facebook.org:
Are EU Data Protection Laws enforceable in Practice? This may be the main question that europe-v-facebook.org is now about. The right to data protection is a fundamental right in the European Union, but at the same time very little companies respect it. Facebook is just one of many that have a bad reputation when it comes to the handling of users’ data.
So the question arises if users are just too lazy to do something about it, or if the laws are in practice unenforceable?
We unintentionally landed in the middle of a big experiment after filing 22 complaints against Facebook in Ireland, because of breaches of the most basic privacy rules. We happened to look at Facebook for a number of reasons, but the results are very likely exemplary for a whole industry.
You can follow our journey and the under “Legal Procedure“.
While it is clear by now, that no normal citizen is able to follow through with such a proceeding, we are still working to get our final decision today. We want to know if our fundamental rights are respected and enforced against tech giants like Facebook, or if our rights are only existing on the paper.
You can support them at crowd4privacy.org.