Facebook under pressure for weak consumer policy

EU regulators will decide next week whether Facebook's consumer policy comply the bloc's laws. [European Commission]

European regulators will announce next week whether they will punish Facebook for its consumer terms and conditions, after the company was warned in February that its rules do not comply with EU law.

Vera Jourova, the EU Justice Commissioner who oversees consumer rules, told journalists on Monday (16 July), “the practices of Facebook are again under scrutiny after the company has introduced new terms and conditions at the end of April this year and following the Cambridge Analytica case and introduction of the GDPR.”

The GDPR, the EU’s sweeping new data protection law, took effect on 25 May. In March, news broke that political consultancy Cambridge Analytica had analysed data from around 87 million Facebook users without their consent.

Facebook has since then faced backlash and scrutiny from US and European regulators. In April, the social media giant attempted to win back public support by announcing changes to its privacy policy, including a more detailed explanation of what user data it collects.

Jourova’s concerns over Facebook’s terms and conditions date back to before the massive data scandal. She warned Facebook and Twitter in February that they must change their rules to give consumers clear information explaining why the platforms remove certain posts.

Facebook, Twitter and Google have already complied with an earlier Commission demand to allow EU-based consumers to sue the companies in their home countries. They were previously required to bring cases to courts in California, where the tech companies are based.

Consumer watchdogs want fines against Twitter and Facebook for breaking EU rules

Consumer watchdogs have called for the European Commission to introduce a minimum fine against companies that break EU rules, after Facebook and Twitter failed to reform their user terms.

An EU source confirmed that the Commission will announce its decision next week on whether to punish Facebook for failing to comply with the bloc’s consumer laws. An early assessment of the April update to the company’s privacy policy showed that even the latest version explaining how the firm collects data still does not comply with EU rules.

“Not all the changes are in line with consumer laws”, the official said.

The group of national consumer protection authorities from EU countries will send a letter to Facebook describing its decision. National consumer regulators act independently since there is no EU-level authority in charge of sanctioning companies. But the watchdogs have cooperated with each other and shared information on company violations in the Facebook case and other large-scale inquiries.

Jourova said on Monday, “we are now looking at how Facebook is asking for consent for personal data. For instance, if they are clear enough in their terms and conditions, how they are using the personal data of people.”

“We would like Facebook to take more responsibility for other apps and third parties that use their service. The story of Cambridge Analytica shows that Facebook must improve how it sees its relationship with other companies that are on the platforms,” she added.

A Facebook spokeswoman had not responded to a request for comment at the time this story was published.

Under the GDPR, people can give their consent to allow companies to process their personal data.

If firms break the data protection law, national privacy regulators must investigate and decide whether to impose sanctions. Jourova oversees both EU data protection and consumer law.

She proposed an overhaul to EU consumer rules in April that would raise the level of fines against companies to a maximum of 4% of their annual turnover in a given European country. The bill is in early phases of legal negotiations.

Christoph Schmon from the European Consumer Organisation, said “there should be heavy and deterrent sanctions” against firms that don’t comply with consumer rules.

Data protection regulators have not weighed in on the decision expected next week on Facebook’s terms and conditions. If consumer regulators choose to sanction the company, those will not be based on the high-level fines outlined in the GDPR.

The UK data protection authority announced last week that it will fine Facebook £500,000, or around €564,000, for violating privacy rules by allowing Cambridge Analytica to collect its users’ data. Elizabeth Denham, the UK information commissioner, said the fine would have been higher if the breach had taken place when the GDPR was already in effect.

MEPs outraged over Zuckerberg’s EU Parliament show

Tensions soared between a handful of leading MEPs and Facebook CEO Mark Zuckerberg as the 34-year-old billionaire avoided answering detailed questions on the company’s data policies during a meeting in the European Parliament on Tuesday evening (22 May).

Subscribe to our newsletters