More on an interesting investigation of Facebook by the Irish Data Protection Commissioner that I noted the other day: the Personal Data Ecosystem Consortium writes:
A move by a group around Vienna-based law student Max Schrems has set in motion a process which has now resulted in a formal privacy investigation by the Irish Data Protection Commissioner (DPC) against Facebook. The group of students explains that due to the legal structure of Facebook, any user outside of the U.S. and Canada has a formal contract with Facebook Ireland Ltd., which is subject to Irish as well as E.U. privacy law, e.g. the famous Directive 95/46/EG. The fact that Facebook claims to comply with the Safe Harbor framework also subjects it to the principles of the E.U. directive. This law, among other things, grants individuals the right to be informed of all data that is being held about oneself, as well as the right to rectify or erase the data.
Max Schrems, who has studied at a university in the U.S. for a while, has had personal experience with executives and privacy experts of large and small Internet companies, and he states that in Silicon Valley tech culture he has noticed little respect or even awareness of the requirements of E.U. privacy laws.
On the group’s website “Europe versus Facebook”, the full story and history of the initiative is documented.
Read more on PDEC.