The report, compiled by the Belgian Centre of Interdisciplinary Law and ICT at the University of Leuven, shows not only are Facebook’s EU citizens still having their rights ignored, but have expanded upon the previous issues flagged with Facebook.
According to The Guardian, some of the major issues raised in the report related to Facebook’s promotion of third-party advertising which do not fall under what could be considered legal consent from the user as well as those parties using their generated content in advertising campaigns.
The user’s location is also a major issue addressed in the report which claims that there is effectively no ability for a person to turn off their location being used in the mobile app directly unless the phone’s location setting is switched off.
Even when a user decides to turn off Facebook’s access to location data, this still does not prevent the app from passing on the person’s location to advertisers and Facebook themselves.
“Pictures taken with smartphones, for example, often contain location information as metadata,” said the report.
“As a result, location data may be shared indirectly when uploading pictures to Facebook. Combined with features such as facial recognition, it is fairly easy to pinpoint the location of specific individuals to specific locations in time.”
We comply with Irish law – Facebook
With its international headquarters based in Dublin, Ireland’s own data protection laws have come under scrutiny in the past for its regulation of Facebook, particularly in Europe.
However, the social network has discussed this latest damning report with the Belgian privacy group but have refuted their claims saying everything they have done is above board under Irish law.
“We’re confident the updates comply with applicable laws,” said a Facebook spokesperson. “As a company with international headquarters in Dublin, we routinely review product and policy updates including this one with our regulator, the Irish Data Protection Commissioner, who oversees our compliance with the EU Data Protection Directive as implemented under Irish law.”