Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Facebook's 'Like' button has become a staple of the web - but German officials believe it to be in breach of EU privacy laws. FindYourSearch via Flickr
Privacy

Irish data chiefs set to test if Facebook ‘Like’ button is illegal

The Data Protection Commissioner will be asked to investigate the legality of the ubiquitous ‘Like’ button in the coming days.

Updated, 17.35

IRELAND’S DATA PROTECTION COMMISSIONER (DPC) will be asked to investigate the legality of Facebook’s ‘Like’ button in the coming days, after an equivalent German official deemed the feature to be in breach of EU law.

TheJournal.ie has learned that the DPC will shortly receive an official complaint about the button from an Austrian-based lobby group, which has already filed 16 other complaints relating to Facebook’s data handling and privacy settings in the last few days.

If the complaint is successful, Facebook may be forced to adopt radical changes in the way it operates the ubiquitous ‘Like’ feature – or potentially face court action demanding that the feature be disabled for hundreds of millions of worldwide users.

A spokesman for the lobby group, ‘Europe v Facebook‘, said that complaints about the legality of the ‘Like’ button had not specifically been included in its first batch of complaints, filed last week, but that a follow-up complaint dealing specifically with the feature would be lodged in the coming days.

The office of Ireland’s Data Protection Commissioner, Billy Hawkes, will then examine whether the technology behind the button constitutes a breach of privacy law in this country.

‘Shadow profile’

Although the group behind the complaints is based in Austria, the complaints are being filed with the Irish DPC because Facebook’s Terms of Use declares users outside the US and Canada to be in a contract with Facebook Ireland Ltd, the company’s Dublin operation which acts as its headquarters for Europe, the Middle East and Africa.

Last week the data protection commissioner in the German state of Schleswig-Holstein, Thilo Weichert, deemed that the ‘Like’ button was a breach of local, federal and EU law – and said institutions in his state would receive heavy fines if they did not remove the trademark ‘thumbs-up’ button from their sites.

The incoming complaint focuses on how the ‘Like’ button allows Facebook to track the online activity of any web user – even those who are not among the social networking site’s 750 million members worldwide.

By logging the IP addresses of internet users when they visit pages containing an embedded ‘Like’ button, the social network is theoretically able to build a profile of that user’s browsing habits, and then use this to its commercial advantage.

This was illegal under EU law, Weichert argued, because Facebook would harvest this data through web servers based in the US – and not within the EU, as the commissioner said was required.

While Weichert claimed that users could expect their browsing history to be kept on record for around two years, Facebook in response said it deleted such data after 90 days.

Privacy standards

A spokesperson for the DPC here told TheJournal.ie that while its office had noted the German decision, it had not yet begun an investigation into whether the ‘Like’ button complied with data protection laws effective in Ireland.

The spokesperson did confirm, however, that the office would examine “different aspects of Facebook Ireland’s compliance with Irish data protection law” in light of any complaints received from the Austrian group.

Among complaints already received are allegations that Facebook retains data – such as status updates, chat messages, photo tags, deleted friendships and ‘pokes’ – even after the user removes them from their own personal profile.

Other complaints filed by the Austrian group include Facebook’s ability to build ‘shadow profiles’ of non-users by harvesting data supplied by other users – such as phonebook databases.

The group also argues that material posted by users on others’ pages can be shared in ways not known to them, and that third-party applications installed by a user’s ‘friends’ can access their own personal data – with no guarantee of privacy standards.

A Facebook spokesperson said the company was aware of the complaints being filed by the Austrian group.

“The Irish Data Protection Commission has well-established procedures for resolving such issues through dialogue with the relevant data controller which we expect to follow in this case,” the spokesperson said.

Read: Facebook’s ‘Like’ button could be in breach of EU law – German official

Your Voice
Readers Comments
50
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.