Perhaps no privacy policy draws more attention than the ever-changing privacy policy by Facebook. Many times, it doesn't matter what your privacy policy says. Because compliance is different by country, and sometimes by state, even a well drafted privacy policy can still come under attack. As an internet lawyer, we draft form and customized privacy policies for website clients all the time. Our attorneys regularly hear: "Can I just copy a privacy policy, terms of service or terms of use policy from some other website?" Think about your privacy policy, and your other website agreements, as important protection for your company from liability, violations of law and as part of your customer service model. You should be paying special attentions to your privacy policy and other website agreements as they are integral to your business success. As an attorney who regularly represents the small business interests, I appreciate the fact that new and start-up companies need to save on costs and fees. You can always start with a version 1.0 privacy policy or other website agreement and grow into more sophisticated policies over time.
Ralitsa Vassileva: When you go on Facebook, you poke, tag, friend, like, upload photos and write on walls. What happens to all this personal data for 800,000,000 users? Well, the company is storing it, every bit of it, and if you delete something, that doesn’t mean it really goes away. That’s what set off Max Schrems, an Austrian law student. He requested Facebook to send him his personal data.
Max Schrems: “I got a PDF file on a CD from California, and it had about 1,222 pages with a bunch of information. A lot of it was deleted information, which was very interesting. And, there was also a lot of information that Facebook generated in the background. So, I’m actually not a very heavy Facebook user. I, like, post something once a week or so, but still there was this mass of information that is more than any CIA or KGB ever had about an average person.”
Ralitsa Vassileva: Schrems filed a complaint saying the social-networking website was violating European law, which prohibits companies from saving deleted information for more than a few months. Facebook’s European headquarters in Dublin will soon be subject to a massive audit by the Irish Data Protection Commission. Schrems says Facebook needs to be more transparent.
Max Schrems: “I was, like, studying it for half a year now, and I can still not tell you what they’re doing with my data. And I would say most users are not even able to understand all the policies they put online and all their legal explanations, and I am normally able to understand stuff like that, but in the case of Facebook, I have just no clue what they’re actually doing with my stuff.”
Ralitsa Vassileva: In a response, a Facebook spokesperson said the company provided Mr. Schrems with all the information that was required. Facebook said Irish Data Protection law places what it called "reasonable limits" on data that has to be provided. Ralitsa Vassileva, CNN - Atlanta
Comments