EU vs Facebook: Facebook's dossiers on Europeans breach EU privacy laws

An Austrian student has kicked off a movement that pits EU privacy rules against Facebook's data collection practices. Max Schrems requested a copy of the data Facebook had collected on him (which Facebook is required to provide under EU law) and found himself with more than 1,000 pages of data that demonstrated several clear breaches of EU privacy laws. Kim Cameron has a good writeup on the ensuing complaints that Schrems filed:

Max is a 24 year old law student from Vienna with a flair for the interview and plenty of smarts about both technology and legal issues. In Europe there is a requirement that entities with data about individuals make it available to them if they request it. That’s how Max ended up with a personalized CD from Facebook that he printed out on a stack of paper more than a thousand pages thick (see image below). Analysing it, he came to the conclusion that Facebook is engineered to break many of the requirements of European data protection. He argues that the record Facebook provided him finds them to be in flagrante delicto.

The logical next step was a series of 22 lucid and well-reasoned complaints that he submitted to the Irish Data Protection Commissioner (Facebook states that European users have a relationship with the Irish Facebook subsidiary). This was followed by another perfectly executed move: setting up a web site called Europe versus Facebook that does everything right in terms of using web technology to mount a campaign against a commercial enterprise that depends on its public relations to succeed.

Europe versus Facebook, which seems eventually to have become an organization, then opened its own YouTube channel. As part of the documentation, they publicised the procedure Max used to get his personal CD. Somehow this recipe found its way to reddit where it ended up on a couple of top ten lists. So many people applied for their own CDs that Facebook had to send out an email indicating it was unable to comply with the requirement that it provide the information within a 40 day period.


  1. This is how revolt on the internet is done! Facebook is a vault used by corporations to ransack your information: it is part of the problem we face moving forward into a freer and just world. Good going Max!

  2. Does someone know how to do the same thing with Google or Microsoft since I’ve been using Gmail and Hotmail for a while? I know that I need to mention the Art. 12 of the Directive 95/46/EG, but I don’t know where to send the mail. Do they have a European headquarters?

  3. I solved my personal problem with Facebook’s intrusive data-gathering policies by not using it. It has not affected my life negatively in the least.

    1. No you haven’t solved those problems by not using Facebook.

      Recently I have been forced to make an account on Facebook. I urgently needed to contact someone and the only contact info I was able to obtain was his Facebook account. So I have registered with my name and email. Nothing else. I told myself that I was not going to use Facebook beyond this one contact anyway, so they do not have any info to collect about me.

      A few minutes after registering I received a message from Facebook saying something like: “you might like to Friend those people”. What followed were Facebook accounts of about 40 people. It was extremely disturbing to find out that I DID indeed know at least 35 of those people. Many of them were quite unlikely contacts, like a teacher of my daughter, a developer with whom I have exchanged perhaps 4 emails previously …

      So Facebook IS collecting data about you. Every time somebody searches for your name or your email they make a record. And they cross-link that info. They also ask for permission to look at people’s emails and, astonishingly, many people agree and Facebook collects your email from Fred and Mary and he knows that you know both of them. Then they can build databases of who knows whom.

      1. I don’t understand the danger of this. Does Facebook monitor your browsing habits if you are not signed up with them? Or do you just think that it is creepy of them to know who you know? Here is an idea. Don’t write anything on the internet that you are uncomfortable with someone else or a company knowing (including email) and don’t say anything that you wouldn’t be comfortable being held accountable for offline. What the hell did people think would happen when they started using the internet? The pitfalls of this type of communication have been written about in Sci-Fi books for years before it was even thought of. I use the internet to make my life easier in many areas but I also consider the implications of using it as a tool.

  4. I solved my personal problem with Facebook’s intrusive data-gathering policies by not using it.

    ORLY? Part of the complaint is that Facebook is building “shadow profiles” of non-users when people upload their Hotmail address books and whatnot to “Find Friends”, as Facebook pesters them to repeatedly. If your info is stored in someone else’s address books they get it — and consider that many people are using their Hotmail/Gmail/Outlook/etc. as personal information managers for other things about you besides your e-mail address. Does your mom have your phone number in hers? Your friend your birthday and home address for when they want to send you a card? Then you have a problem.

    Seeing as you’re on the Internet I’d guess that many of your friends and family are too, and that many of them have “Found Friends”. I’ll let you come up with the logical consequence of that on your own, since you’re so much smarter than people who don’t use Facebook.

    1. Do you mean to say that I was saying I am smarter than people that do use facebook? I couldn’t tell by the way that you wrote that. Anyways, all good points. I don’t know why you have to insult me to make them but, nonetheless, good points. I guess I just feel like one of the pitfalls of using the internet is that, somewhere, data is stored on your actions while doing it. By not using Facebook I attempted to cut down on the amount of truly “personal” data that was voluntarily given to a company by me. I just don’t see data like my address and my phone number as personal data in the way that you do. Those things can be found in so many other places for people that really want them that I have willingly forfeited my right for those things to be “personal” by participating in modern society. I have much more concern about the level of data that our ISPs store about our browsing habits than I am about Facebook somehow acquiring so very rudimentary information about my phone number and address. Magazines that I subscribe to have that information. My phone number is on record next to my name at ATT in their records. What will Facebook do with my address or phone number? Market things to me? I am not being sarcastic. I am really asking you what will come of them having this information about me?

  5. The real question is whether Facebook will receive anything other than a slap on the wrist and then promise not to do it again.  Worst case scenario is that Facebook works with Microsoft and others to ram through parliament exceptions that let them continue to do whatever they want.

  6. No more Facebook for Europeans. Problem solved.

    (Reminded of people who get offended by music they aren’t forced to listen to.)
