Stanford CIS

Facebook is at the center of a huge privacy controversy. For once, it isn’t Facebook’s fault.

By Henry Farrell on

The Advocate-General of the European Court of Justice, the European Union’s closest equivalent to the U.S. Supreme Court, has just made a key finding in a court case involving Facebook. If the court follows his recommendation – which it does 80 percent of the time – either the U.S. will have to change its laws on surveillance or companies like Facebook and Google will find their European business models undermined.

This time, it’s not Facebook’s fault

Facebook has a terrible reputation among mainland European privacy regulators. In part, this may be because of inflammatory statements like Facebook CEO Mark Zuckerberg’s claim that people don’t really care about privacy any more. Yet given Facebook’s business model – which involves gathering detailed personal data about its users before serving them up on a platter to advertisers – it’s unlikely that privacy officials would love Facebook even if it had a more diplomatic CEO.

However, even if Facebook abandoned most of its controversial policies, it would not have been able to avoid this preliminary opinion. The Advocate-General isn’t worried about what Facebook does to its users’ personal data. He is worried about what U.S. surveillance agencies can do with Facebook’s data after Facebook has gathered it.

The target is bigger than Facebook

Facebook uses the so-called “Safe Harbor” arrangement to transfer its users’ personal data from Europe to the U.S. It’s not alone in this – other big e-commerce companies like Google and Amazon (whose CEO Jeff Bezos owns the Washington Post) use the Safe Harbor too. As this academic article that one of us wrote in 2003 discusses, Safe Harbor was a set of rules negotiated by the EU and U.S. to allow U.S. companies to transfer the personal information of European citizens to the U.S.

Read the full piece at The Washington Post.