Facebook will have to notify users of privacy breaches, EU says

20 May 2010

The lawyer who spearheaded the legal battle against Microsoft resulting in a €497m fine against the software giant said the European Commission will expect social networking sites to notify users and authorities in the event of a privacy breach.

The European Commission will be paying close scrutiny to how social networks like Facebook protect users’ privacy to inspire confidence in the web among European citizens, Anthony Whelan, who is a key figure leading the EU’s Digital Agenda, explained.

Whelan, Chef de Cabinet to vice-president of the European Commission with responsibility for the Digital Agenda, Neelie Kroes, told the Irish Internet Association’s annual congress that as part of the Digital Agenda unveiled yesterday it is vital that European citizens feel more comfortable with the internet in order to benefit from the digital age.

Whelan’s work

Whelan spearheaded the European Commission’s high-profile legal battle against Microsoft that resulted in a €497m fine against the company over how it bundled Internet Explorer in Windows.

In recent weeks, Facebook walked itself into a major controversy over privacy after CEO Mark Zuckerberg made sweeping statements about the ‘death of privacy’. Efforts by executives to calm growing fears weren’t helped by a series of security glitches on the world’s biggest social networking site.

Europe, he said, is fragmented in terms of the web because of the difficulties borders, languages and cultures impose, unlike economies like the US, where digital music sales and other forms of media consumption excel.

A key aim of the European Commission is to remove any doubts in European citizens’ minds about the internet and the only way to do that, Whelan said, would be to inspire confidence in the internet and e-tailers, by tackling issues like privacy, copyright and connectivity head-on and ideally create a Single European Market for the digital economy.

Effect on digital confidence

Whelan said that recent controversies around the privacy of social networking sites like Facebook do not help in inspiring digital confidence.

He told the IIA conference: “It is vital that we create a data protection regime in which citizens have confidence.

“We are aware of the recent controversies of the social networking world around privacy settings.

“We don’t just need good rules but good incentives and one of the things the EU recently introduced for the telecoms sector and this will be spreading to other sectors is the Security Breach Notification Regime. When an online site has a major security breach that affects the privacy of data you are holding it will have to notify the people and the appropriate data protection authorities.”

Whelan also said the IIA is looking at a Alternative Dispute Resolution regime for online commercial transactions.

“One of the things determining consumers is they don’t know what happens if they have a dispute – having a credible European trusted system of non-costly alternative dispute resolution can calm people’s fears,” he told the conference.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com