Belgium Privacy Commission, Data Privacy, EU Privacy Laws, Europe v Facebook, European Data Protection Directive, Facebook, Facebook Ireland, Irish Data Protection Act, Irish Data Protection Commissioner, NSA, PRISM, Right to Access, Snowden, Social Media
by Wanjiku Karanja
In 2011, Maximillian Schrems, an Austrian law student, during a semester abroad at Santa Clara University in Silicon Valley, wrote a paper on Facebook’s lack of awareness of Europe’s stringent data privacy laws. In the course of his research, he discovered that Facebook stored large dossiers of information on its users after he made a request under EU Data Protection Directive “Right to Access” provision and received a CD containing over 1,200 pages of data on himself, including a history of every individual that he had “friended” and “de-friended”, every “poke” that he had received, every individual who had signed onto Facebook on the same computers as himself, his response to all the events that he had been invited to as well as all of his past messages and chats including some that he had thought had been deleted.
Spurred by his discovery, he returned to Austria where he formed an advocacy group called Europe v. Facebook through which he published the information sent to him online after redacting his personal information. The group then filed several complaints with the Irish Data Protection Commissioner as Facebook’s European Headquarters are in Ireland and Clause 8 of Facebook’s Statement of Rights and Responsibilities sets out that:
“If you are a resident of or have your principal place of business in the US or Canada, this Statement is an agreement between you and Facebook, Inc. Otherwise, this Statement is an agreement between you and Facebook Ireland Limited. References to “us,” “we,” and “our” mean either Facebook, Inc. or Facebook Ireland Limited, as appropriate”.
This meant that Schrems as an Austrian National could only make complaints against Facebook Ireland Limited.