What the 24-year-old Austrian law student didn’t expect, though, was 1,222 pages of data on a CD. It included chats he had deleted more than a year ago, “pokes” dating back to 2008, invitations to which he had never responded, let alone attended, and hundreds of other details.
Time for an “aha” moment.
In response, Schrems has launched an online campaign aimed at forcing the social media behemoth that has 800 million users to abide by European data privacy laws _ something the Palo Alto, California-based company insists it already does.
Yet since Schrems launched his “Europe vs. Facebook” website in August, Facebook has increasingly been making overtures not only to Schrems, but to other Europeans concerned about data privacy, including Germany’s data security watchdogs.
“Have we done enough in the past to deal with you? No,” Facebook’s director of European public policy, Richard Allan, testified Tuesday before a German parliamentary committee on new media. “Will we do more now? Yes.”
The lawmakers were holding a hearing on privacy rights.
Europeans _ Germans in particular _ have long been more concerned about data privacy than their U.S. peers. Still, the European campaign comes amid increased agitation in the U.S. over what many view as invasive Internet marketing practices that allow consumers to be observed, analyzed and harvested for profit, with no regard for their right to privacy.
Last month, several U.S. privacy interest groups asked the U.S. Federal Trade Commission in Washington to look into recent changes made by Facebook that give the company greater ability to disclose users’ personal information to businesses than it used to have.
The German lawmakers brought up a raft of complaints Tuesday, from allegations that Facebook’s “Like” button allows the company to track nonmembers Internet activity, to concerns over the company’s use of facial recognition software on personal photos.
“I wondered, what are they doing with my data?” Schrems said, sitting with his laptop in a Viennese coffee house. “I thought through everything that one can do with that amount of information, all the marketing that is possible.”
Under European law, consumers have the right to request a record of the personal information held by a company. The law further stipulates that to retain data beyond the limit of several months, a company must have a reason to do so.
That issue has been the basis for several of the 22 formal complaints that Schrems and his group have lodged with the Irish Data Protection Commissioner _ responsible for Facebook’s Ireland-based European subsidiary, which serves all users outside of the U.S. and Canada.