Facebook's new terms of service violates EU law, Belgian groups say

The groups, which analyzed the social network's new terms of service and data policy at the request of Belgium's Privacy Commission, say Facebook is placing too great a burden on its users.

The main page for "Privacy Basics," a new tips and FAQ hub on Facebook. Facebook

The world's largest social network is under scrutiny in Europe, following the publication of a report asserting that its updated terms of service and data policy are illegal.

At the request of the Belgian government's Privacy Commission, two groups spent the last several weeks analyzing Facebook's updated terms of service and data policy. On Monday, they declared that the company is acting unlawfully in Europe.

"To be clear: the changes introduced in 2015 weren't all that drastic. Most of Facebook's 'new' policies and terms are simply old practices made more explicit. Our analysis indicates, however, that Facebook is acting in violation of European law," University of Leuven's Interdisciplinary Centre for Law & Information and Communication Technology and the Free University of Brussels' Department of Studies on Media, Information and Telecommunication said Monday. Both are part of Belgian government's iMinds digital research center.

Facebook announced plans last year to update its terms of service and data policy. The new policies, which went into effect in January, provide a slightly modified framework for how Facebook can use site information for advertisements.

According to the new report, Facebook "places too much burden on its users" by requiring them to change a wide array of settings to maximize privacy. The company was also cited for its handling of social ads and for providing people no control over the use of location data or of their appearance in ads.

"Users do not receive adequate information," the report asserts. "For instance, it isn't always clear what is meant by the use of images "for advertising purposes". Will profile pictures only be used for 'Sponsored Stories' and 'Social Adverts', or will it go beyond that? Who are the 'third party companies', 'service providers' and 'other partners' mentioned in Facebook's data use policy? What are the precise implications of Facebooks' extensive data gathering through third-party websites, mobile applications, as well recently acquired companies such as WhatsApp and Instagram?"

In a statement to CNET, a Facebook spokesperson said that the company's updated policies are actually "more clear and concise." The rep said the updates do a better job than the previous versions at highlighting "new product features...and expanding people's control over advertising."

"We're confident the updates comply with applicable laws," the spokesperson said. "As a company with international headquarters in Dublin, we routinely review product and policy updates ­ including this one ­ with our regulator, the Irish Data Protection Commissioner, who oversees our compliance with the EU Data Protection Directive as implemented under Irish law."

Terms of service and data-use policies have long been the subject of debate. Technology companies require that users accept terms of service, but it's rare that people actually read through them. They instead click their way through the prompts to get to a service.

Unfortunately, users have little option in those scenarios: it's either accept the terms or don't use the service. Those who want to use the service therefore only have one choice.

Still, Facebook has been trying to improve its transparency. Users now regular see notifications alerting them to changes in Facebook's privacy policies and terms of service, and the social network said last year that it would remove as much legal jargon from those documents as possible to make them more understandable.

Looking ahead, the two Belgium-based groups said they will continue to investigate Facebook on behalf of the Belgian Privacy Commission and report back on their findings. There is no indication now, however, that Facebook will be formally charged. At this point, the report amounts to claims made against Facebook by groups with no regulatory power. The Belgian Privacy Commission, along with other data protection authorities around Europe, would need to formally bring charges against Facebook.

The Belgian Privacy Commission did not immediately respond to a request for comment on its plans, now that it has the report.

Featured Video