EU Cyber Privacy Showdown Looms
You have been tagged in 12 photos - even if you're not signed up to the Web site.
European regulators are investigating whether the practice of posting photos, videos and other information about people on sites such as Facebook without their consent is a breach of privacy laws.
The Swiss and German probes go to the heart of a debate that has gained momentum in Europe amid high-profile privacy cases: To what extent are social networking platforms responsible for the content their members upload?
The actions set the stage for a fresh battle between American Web giants and European authorities a month after an Italian court held three Google executives criminally responsible for a user-posted video.
Any changes resulting from the investigation could drastically alter the way Facebook, Google's YouTube and others operate, shifting the responsibility for ensuring personal privacy from users to the company.
Swiss and German data protection commissioners are demanding that Facebook explain its practice of allowing users to upload e-mail addresses, photographs and other personal details about people who haven't signed up to the site.
"The way it's organized at the moment, they simply allow anyone who wants to use this service to say they have the consent of their friends or acquaintances," Swiss commissioner Hanspeter Thuer told The Associated Press.
To conform with Switzerland's strict privacy law, Facebook could be required to contact people whose information has been posted online and ask them whether they agree to its being stored there, he said.
Thilo Weichert, data protection commissioner in the northern German state of Schleswig Holstein, said in a telephone interview that Facebook's assertion that it gets necessary consent for the posting of personal information is "total nonsense."
"We've written to Facebook and told them they're not abiding by the law in Europe," he said.
The probes by the German and Swiss privacy watchdogs are still preliminary and would not have immediate consequences elsewhere. However, Weichert said the issue is being discussed with other data protection officials in the 27-nation European Union, which in 2000 declared privacy a fundamental right that companies and governments must respect.
The European stance differs strongly from the self-regulatory, free market approach favored in the United States, where Web companies have flourished by offering users free services if they provide personal information to help advertising target them better, according to Columbia University law professor Eben Moglen.
"If the European regulators get serious, it will create a significant conflict," said Moglen, who has been examining online privacy issues since the early days of the Web.
Richard Allan, director of policy for Facebook Europe, said some of the functions being scrutinized - such as those allowing users to upload their friends' e-mail addresses to find them online - were common across the industry. The company has recently added a tool for nonusers to have their data removed, he said.
"As a global company what we're trying to do is to make sure that our systems meet the requirements of all the jurisdictions in which we operate," Allan said.
According to Joe McNamee of the Brussels-based advocacy group European Digital Rights, one of the most common complaints about Facebook is its habit of getting users to 'invite' their e-mail contacts to become members too.
"The receiver didn't want the messages, and the sender didn't realize they were going out," said McNamee. "You would have to search long and hard for someone who would see consent in there."
European Union privacy watchdogs showed their appetite for going after Google last month, when the 27-nation bloc told the search giant to warn people before it sends cameras into cities to take pictures for its Street View maps.
Google's data privacy chief Peter Fleischer said he is also "still reeling" from the Italian court decision that sentenced him and two other senior officials to six-month suspended sentences for violating an autistic teenager's right to privacy by allowing a video of him being bullied to be posted on the Net.
Vetting all user-generated content would be costly because of the vast amount of data involved, said Fleischer. It could also come close to censorship, because companies would be forced to draw the line between legitimate free speech and invasion of privacy, he said. Blogger, YouTube and other Google products have long been used by activists from Iceland to Iran to document government and corporate abuses.
But Fleischer acknowledged that users themselves should be more thoughtful about what they post, especially if it involves private material about others.
"Both as a matter of common sense and as a matter of common courtesy, users should not upload photos or videos of other people unless those other people consented," he said.
Privacy concerns prompted the Mountain View, California-based company last year to hold off including face recognition when it launched Google Goggles, a tool to identify and provide information about objects inside pictures. Another company, Face.com, has gone ahead with its own face-recognition tool, though CEO Gil Hirsch says there are built-in restrictions to ensure privacy.
While Facebook and Google say they are committed to working with European regulators, privacy campaigners say the companies move only as fast as absolutely necessary. Earlier this year Facebook agreed to raise the minimum age for users in Spain from 13 to 14, to conform with the country's privacy laws. It has no such age requirement for information users posts about others.
Moglen, of Columbia University, said even if European regulators rallied together they would find it difficult to force their rules upon U.S. companies, given the close relationship between Silicon Valley and the administration of President Barack Obama.
"If the Europeans want that fight, then surely the American government wants the other side."