Privacy Inquiries into Facebook Europe

By David Bell and Hope Hughes Facebook’s privacy policies have faced close governmental scrutiny throughout Europe. Here, we review a few notable developments.

On one extreme is the German state of Schleswig-Holstein, which apparently does not “like” Facebook. Schleswig-Holstein ordered state institutions to delete their Facebook pages and to remove the “Like” button from their websites or face fines.

The edict resulted from the Schleswig-Holstein data commissioner’s concern that Facebook builds profiles of users and non-users based on data Facebook collects when users click the Like button. Such a practice, the state alleged, violates German and European data protection laws.

Facebook disagrees. As reported on, a Facebook spokesperson stated: “The Facebook Like button is such a popular feature because people have complete control over how their information is shared through it.” Facebook also points out that the only information it receives, when a user who is not logged on hits the Like button, is an IP address. Nonetheless, in October, Facebook relented and agreed to exempt Schleswig-Holstein from information collection efforts.

A more thorough audit of Facebook’s European privacy controls was conducted by the Data Protection Commissioner in Ireland. As Facebook’s international headquarters are based in Dublin, the Commissioner has jurisdiction over Facebook Europe.

It analyzed the data that Facebook collects of non-users, such as people who click on Facebook “like” buttons on third-party websites. Although Facebook theoretically could create shadow profiles of non-users through those plug-ins, the Commissioner did not find such evidence. It is not yet clear if Schleswig-Holstein will change it position due to these findings.

In fact, the Data Protection Commissioner in Ireland found that Facebook has proven a commitment to better protection of users’ privacy in various ways.

The Commissioner nonetheless made a few suggestions to Facebook to improve its transparency and user controls. Facebook agreed on December 21st to do so over the next six months. Changes that can expect to be seen in Europe, and perhaps elsewhere, include:

  • Better notification to users about how to opt out of the Tag Suggest facial recognition tool;
  • Greater transparency about how advertisers and third-party app developers will use information collected;
  • Quicker deletion of personal data stored by Facebook; and

  • Users’ ability to request information about their stored personal data.

See the Haynes and Boone website at This piece was written by David Bell and Hope Hughes of Haynes and Boone, LLP, an international law firm headquartered in Dallas.  David chairs its national Social Media Practice Group, comprising 40 lawyers with expertise in intellectual property, privacy, corporate, labor and employment, and litigation issues.  Hope is also an active member of the group and a trademark lawyer.

David can be found at david.bell@haynesboone.com, and

Hope can be found at and

Survey: How do you use LinkedIn?

What the Google+/Twitter Feud Means for Your Company