the Irish for rights

On Ars Technica: How one law student is making Facebook get serious about privacy

According to Facebook’s “About” page, millions of people use the site everyday “to keep up with friends, upload an unlimited number of photos, share links and videos, and learn more about the people they meet”. That’s a lot of data, and Facebook has a detailed data use policy, but not everyone will be comfortable with every element of that policy. As well as the inevitable online contact form, Facebook invites questions or complaints about its data use policy or practices by mail, to its California headquarters for enquiries from the USA or Canada, or – since Dublin became the centre of Facebook’s international operations in 2008 – to its Dublin address for enquiries from everywhere else. So, when an Austrian student raised queries about Facebook’s data policies, the appropriate regulator was the Irish data protection commissioner. His story is the feature story on the front page of Ars Technica right now.

How one law student is making Facebook get serious about privacy

Max Schrems requested his personal data from Facebook, got a 1,000-page PDF.

words by Cyrus Farivar; pic, in thumbnail above left, by Aurich Lawson

The world’s largest legal battle against Facebook began with a class assignment. Student Max Schrems still hasn’t turned in his university paper on the topic, due well over a year ago, but he has already accomplished something bigger: forcing Facebook to alter its approach to user privacy. Now, Schrems wants cash—hundreds of thousands of euros—to launch the next phase of his campaign, a multi-year legal battle that might significantly redefine how Facebook controls the personal data on over one billion people worldwide. …

What began as an academic assignment in spring 2011 quickly morphed into an advocacy organization called “Europe vs. Facebook.” … As a way to compel Facebook Ireland to comply with existing EU law, Schrems filed 22 formal complaints with the Irish Office of the Data Protection Commissioner (ODPC) on August 18, 2011. … Schrems argues that Irish data protection authorities aren’t properly enforcing the law when it comes to Facebook, and he hopes that a judicial review will vindicate his position. If necessary, he plans to take his case all the way to the European Court of Justice in Luxembourg. … Working separately, an Austrian law student and an under-staffed Irish data protection watchdog have helped bring worldwide improvements to Facebook’s privacy policies. …

Read how they did it (with a few quotes from yours truly) in the full story on Ars Technica.

The ODPC Facebook Privacy Review can be downloaded here (also here) (21 December 2011) and here (21 September 2012).

The europe-v-facebook support page is here.

Updates (3 December 2012): (1) A week after this post was published, Facebook proposed changes to its data use policies which have – inevitably – proved controversial. According to the Washington Post (with added links),

New Facebook policy conflicts with European law, concerns privacy advocates

… Regulators alerted Facebook about the problem shortly after the company announced major changes Wednesday in how it will treat users’ personal data, said Gary T. Davis, deputy data protection commissioner in Ireland. …

“Facebook is not really telling users what this means and how this is going to work,” said Jeff Chester, executive director of the Center for Digital Democracy. His group is planning to join the Electronic Privacy Information Center in complaining to the [Federal Trade Commission] (FTC) about the proposed Facebook policy changes. The agency declined to comment on Friday. …

(2) Ray Corrigan’s experience of his complaint to Facebook about his data makes for interesting reading (see: here, here, here, so far).

Leave a Reply



Me in a hatHi there! Thanks for dropping by. I’m Eoin O’Dell, and this is my blog: Cearta.ie – the Irish for rights.

“Cearta” really is the Irish word for rights, so the title provides a good sense of the scope of this blog.

In general, I write here about private law, free speech, and cyber law; and, in particular, I write about Irish law and education policy.

Academic links


  • RSS Feed
  • RSS Feed
  • Subscribe via Email
  • Twitter
  • LinkedIn

Archives by month

Categories by topic

My recent tweets

Blogroll (or, really, a non-blogroll)

What I'd like for here is a simple widget that takes the list of feeds from my existing RSS reader and displays it here as a blogroll. Nothing fancy. I'd love a recommendation, if you have one.

I had built a blogroll here on my Google Reader RSS subscriptions. Google Reader produced a line of html for each RSS subscription category, each of which I pasted here. So I had a list of my subscriptions as my blogroll, organised by category, which updated whenever I edited Google Reader. Easy peasy. However, with the sad and unnecessary demise of that product, so also went this blogroll. Please take a moment to mourn Google Reader. If there's an RSS reader which provides a line of html for the list of subscriptions, or for each RSS subscription category as Google Reader did, I'd happily use that. So, as I've already begged, I'd love a recommendation, if you have one.

Meanwhile, please bear with me until I find a new RSS+Blogroll solution




Creative Commons License

This blog is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. I am happy for you to reuse and adapt my content, provided that you attribute it to me, and do not use it commercially. Thanks. Eoin

Credit where it’s due

The image in the banner above is a detail from a photograph of the front of Trinity College Dublin night taken by Melanie May.

Others whose technical advice and help have proven invaluable in keeping this show on the road include Dermot Frost, Karlin Lillington, Daithí Mac Síthigh, and Antoin Ó Lachtnáin.

Thanks to Blacknight for hosting.