16 May
2015

On 13 May the Belgian Authority adopted a first recommendation of principle on Facebook

It has observed that Facebook "processes" the personal data of its members, users as well as of all internet users who come into contact with Facebook. Facebook does this secretively: no consent is asked for this "tracking and tracing" and the use of cookies. No targeted information is provided. The available information is vague and authorizes just about anything.


Following the introduction of new worldwide terms of use by Facebook, a number of European privacy commissions queried Facebook, which was particularly sparing with precise answers and also refused to comply with the request to postpone the entry into force of the new terms of use. Facebook did not accept that it was bound by the national privacy legislation of Belgium, the Netherlands and Germany. It rejected the competence of those countries' supervisory authorities for privacy. Facebook only accepts supervision by the Irish Authority and the application of Irish law.

After months of unsuccessful correspondence and fruitlessly exchanging ideas, the Belgian Authority has now adopted a first recommendation. This document establishes first of all that the Belgian Authority is competent and that Belgian law also applies to Facebook, simply because any national supervisory authority is obliged to ensure privacy protection for its citizens. And Belgian law also applies because the Facebook Group has an actual establishment in Brussels, Belgium.

At the request of the Belgian Authority the inter-university research center EMSOC/SPION (see https://www.law.kuleuven.be/icri/en/news/item/icri-cir-advises-belgian-privacy-l’Autorité de protection des données-in-facebook-investigation) conducted a detailed study into the way in which Facebook deals with its members' personal data. And that of citizens who do not use Facebook or who explicitly opted out of its service.

The research results are disconcerting. Facebook disregards European and Belgian privacy legislation in several ways. In 10 chapters an equal amount of issues have been uncovered. It is the Belgian Authority's ambition to thoroughly look into these issues. Until today, the eighth chapter - "tracking trough social plug-ins" - has been the focus of attention, because it does not only impact Facebook users but also virtually every Internet user in Belgium and Europe.

Since January 2015 the privacy commissions of the Netherlands (the lead authority), Hamburg-Germany and Belgium have worked together as an own-initiative group. France and Spain recently joined the contact group. There are regular consultations with other European sister organisations. An investigation was started in these different countries and their own national procedure is being followed.

Up to this day Facebook refuses to recognize the application of Belgian legislation nor the Belgian Authority. Until now it has always contested the findings of the EMSOC/SPION research report, but it has not provided concrete facts repudiating them. To the contrary: Facebook recognizes that errors, "BUGS" have been uncovered.

The Authority's President Mr Willem Debeuckelaere said: "Facebook is the social network par excellence which almost half of all Belgians are a member of. The way in which these members' and all Internet users' privacy is denied calls for measures. With this recommendation we have taken a first step towards Facebook and all Internet stakeholders who use Facebook, in order to ensure they start working in a privacy-friendly way. It's bend or break."

The Authority's recommendation targets the three groups involved, obviously addressing Facebook first of all. But it also targets webmasters who use social plug-ins. They are recommended to use a tool such as "Social Share Privacy", a two-click solution to social plug-ins, as a valid way to obtain the website visitor's consent. Finally, the recommendation also targets internet users who want to protect themselves against tracking. They are advised to use browser add-ons that block tracking or their browser's incognito mode.

What can be done? What does the recommendation say? Consult our recommendation!