Monday June 8th will go down as a bad day in Facebook history, after France joined India by telling the social network to Zuck off.
France’s complaint relates to Europe’s safe harbour laws, under which Facebook has sent data about members back to the United states for light, non-invasive data mining and secure storage ruthless value rendition.
But now that Safe Harbour’s been silted up, the chair of France’s Commission Nationale Informatique et Libertés (CNIL) wants Facebook to stop sending data offshore. An order (PDF) to that effect says Facebook has no legal basis for data processing under France’s laws, so needs to get its paws off members personal data, especially stuff like their sexual orientation and political views. CNIL is also concerned about Cookies Facebook places on the devices of those who visit the site but aren’t members, because data collected includes browsing history.
Facebook’s use of user data to target ads is invasive, the Commission argues, because there’s no way to opt out and therefore violates the right to privacy.
For those reasons, and more, France wants Facebook to stop sending data to the USA and also to provide an explicit opt-in tick box so that users consent to data collection. The Social NetworkTM’s parent company and Irish offshoot have both been given three months to get this done. If the company can’t, or won’t, CNIL says it is open to appointing a rapporteur who would have the option of referring Facebook to the organisation’s Select Committee which itself might one day get around to deciding a penalty.
Which doesn’t sound like an arrangement likely to spur Facebook into rapid action.
Another worry the CNIL raises is Facebook’s password policy, which says it requires something complex but will actually allow “1234567a”. That credentials of that simplicity are permitted, the ruling says, is itself a risk to users’ privacy. ®
Building secure multi-factor authentication