A recent court ruling in Belgium highlights the growing challenges that both businesses and governments face in leveraging the data they can collect. As discussed in my two previous blog posts, listed below in the sources, fundamental differences in approaches to privacy are impacting international business. The policy/technology struggle will continue.
In the Belgian case, the court ruled that Facebook could not track non-Facebook users who visited Facebook sites. The court reasoned that merely visiting a Facebook webpage did not constitute the individual’s consent to Facebook’s terms of reference, which include tracking via web cookies. This situation applies, for instance, when a non-Facebook user follows a link from a third-party site to the site for a Belgian soccer club. It does not apply to registered Facebook users, since they are assumed to have accepted the terms of reference when they established an account. The Belgian Privacy Commission, the national privacy regulator, brought the case based on a lack of consent and opacity in how the data was to be used.
Facebook argued that the feature was designed to protect legitimate users from being targeted by computer-driven browsing designed to steal personal data. Facebook’s legal defense was based in part on a lack of jurisdiction. Facebook argued that since its European offices are based in Ireland, it was only required to respond to Irish privacy regulation. The court’s decision rejected this argument. It is the first application of the recent European Union Court of Justice ruling that the US-EU Safe Harbor agreement was invalid and thus that companies had to apply individual national regulations on privacy rather than an EU-wide standard. The rejection of the Safe Harbor Agreement and the E.U.-US Umbrella Accord on privacy will now likely open the doors to additional cases in other jurisdictions.
Meeting the requirements of multiple nations with differing views will be costly. It underlines the importance of reaching international consensus on policy issues surrounding the Internet and e-commerce. That consensus will be difficult to achieve. Expect future trade negotiations to include much more discussion of e-commerce. The recently concluded Trans-Pacific Partnership (TPP) includes significant sections on e-commerce, including agreements specifically prohibiting localization rules on servers and data storage. There are already objections on privacy grounds.
Protection of intellectual property, privacy, transparency, and security will remain potent issues in cyber policy for the foreseeable future. How the emerging field of digital human rights interacts with traditional commercial and security concerns promises to be fascinating.
Trans Pacific Partnership to open e-commerce floodgates. Retrieved November 10, 2015, from http://www.afr.com/technology/trans-pacific-partnership-to-open-ecommerce-floodgates-20151005-gk20wz
Drozdiak, N. (2015, November 10). Belgian Privacy Watchdog Hails Facebook Court Ruling. Wall Street Journal. Retrieved from http://www.wsj.com/articles/belgian-privacy-watchdog-hails-facebook-court-ruling-1447162169
Release of the Full TPP Text After Five Years of Secrecy Confirms Threats to Users’ Rights. (n.d.). Retrieved November 12, 2015, from https://www.eff.org/deeplinks/2015/11/release-full-tpp-text-after-five-years-secrecy-confirms-threats-users-rights
My blog post: “Data Protection, Data Storage, and the complications of international business” http://www.nationalcybersecurityinstitute.org/international/data-protection-data-storage-and-the-complications-of-international-business/
My blog post: “Expanding the right to be forgotten” http://www.nationalcybersecurityinstitute.org/international/expanding-the-right-to-be-forgotten/