Surprise! Facebook doesn't Like the Data Protection Regulation
This article is also available in:
Deutsch: Überraschung: Facebook hält nichts von der geplanten Datenschutzvero...
Facebook has recently issued a 40-page lobbying paper with the company’s position on the proposed European data protection regulation, opposing several of its provisions. “The new legislative framework should focus on encouraging best practice by companies like Facebook rather than on setting out detailed technical rules that will not stand the test of time and may be frustrating and costly for both service providers and users,” says the paper on its first page.
The document was not made public by Facebook, but was obtained by the Europe vs. Facebook group via a FoI request to the Irish DPA.
Facebook opposes a cooperation between the European Data Protection Authorities (DPAs) in enforcing the law, preferring to be subject only to the Irish DPA ruling - which seems to be a more business oriented office, using an euphemism. The EU wants to have more cooperation, so that single member states, such as Ireland and UK, cannot undermine the EU data protection level.
What else does Facebook oppose to? It opposes the explicit consent by users, the “privacy by default”, the "right to be forgotten" as well as the 18 age limit for consent to data processing, being in favour of the age of 13. It also opposes to the provision that users can insist for the removal of the information that others post about them, as well as to the provisions regarding data breach notifications. “...even the most minor breaches must be reported to the DPA.”
The company is strictly opposing the heavy fines for breaching data protection laws, arguing that these may lead to less data protection because of less cooperation with the authorities, and more cost for the state, adding: “Facebook is concerned that the magnitude of potential fines will create a disincentive for innovation and associated job creation among internet service companies. This could be a major blow for the European Union given that the Internet sector is widely recognized as the major driver of job creation and growth in an otherwise moribund economic environment.”
And, of course, Facebook also wants an easier data transfer of data out of the EU/EEA countries.
It is surprising though that Facebook did not ask for the principles of the "privacy is dead" doctrine to be included in the new data protection framework.
Facebook’s views on the proposed data protection regulation (summary by
FOI Response:Facebook’s Lobbying Papers and Irish Position on new EU
Data Protection Regulation (17.11.2012)