Can Max Schrems Succeed in Challenging Facebook's Data Collection Habit, Which Now Includes Shadow Profiles?

Can Max Schrems Succeed in Challenging Facebook's Data Collection Habit, Which Now Includes Shadow Profiles?
Page content

We’ve all heard the stories about Facebook and their flagrant disregard for our privacy. Some of us might even know about the various ways in which our personal information is imaginatively used to generate income, for targeting adverts and for tracking our progress around the web on any page equipped with a “Like” button.

It’s a bit old hat to start whinging on about Facebook and their cavalier attitude to your date of birth, your favorite record and the name of your best friend who isn’t on Facebook but for whom you once looked.

Yep, it’s even getting terribly clichéd to even throw around adjectives such as “flagrant” and “cavalier” when discussing the matter of Facebook’s handling of its user’s data.

I mean, it’s not as if anybody actually complains is it?

Well, no one other than Max Schrems, a rather fascinating chap who has recently taken it upon himself to begin challenging Facebook on their blatant misinterpretation (or disregard) of European data protection laws. These laws cover everyone from Ireland and the UK to Romania, Greece, Norway – pretty much every single EU member state.

And Mr Schrems is pretty dogged.

Your Friends Might Not Be on Facebook…

…but Facebook might well know all about them - and if it doesn’t, it certainly wants to!

One of the most astonishing things (and if you decide to investigate any of this in detail, you’ll find that this is the tip of a huge iceberg) that has come out of Max Schrems’ investigations of Facebook is their collection of “shadow profiles,” effectively the names and email addresses of your friends that aren’t on Facebook.

These are collected via mobile phones or other devices with Facebook integration, and basically shouldn’t be stored without the person’s consent.

Now, there is a lot of detail to get into concerning this, so let’s just understand that Schrems contends that Facebook are seemingly acting beyond the law in Europe, and via their Ireland headquarters (where all non-US and Canadian Facebook users are engaged in an agreement with the company, North American Facebook is in a US jurisdiction) he has been sending various complaints concerning the social network’s misuse of data and its alleged disregard for European data protection laws.

Who Is Max Schrems?

To get an idea of just how serious these claims are – and what grounds Max Schrems has for making them – let’s find out a little bit more about him. It seems that Schrems is a 24 year old law student from Vienna, Austria, and that the whole matter kicked off while he was a visiting student in California earlier this year. While there, he was lucky enough to be part of a class that featured a talk from a Facebook representative, who it appeared had very different ideas about European privacy laws…

So far 22 complaints have been filed by Schrems, possibly one of the most persistent and passionate students you could hope to come across.

Now, it isn’t as if Schrems has a grudge against Facebook. He uses their service, and enjoys social networking. All in all, he’s an average Joe who noticed that Facebook weren’t playing by the rules as he understands them, and he’s made it his personal aim to bring them to book on this.

As any changes that Facebook implements in response to Schrems’ complaints will be felt worldwide, it seems likely that all users will benefit from this, whether they’re in the USA, Australia, Japan or wherever.

What Is Facebook’s Response?

Now, it’s been one-way traffic so far. Max Schrems’ complaints center on the possible misuse of personal data by Facebook, but what does the social network have to say on this matter?

A Facebook spokesperson told me:

“Facebook provided Mr Schrems with all of the information required in response to his request. It included requests for information on a range of other things that are not personal information, including Facebook’s proprietary fraud protection measures, and ‘any other analytical procedure that Facebook runs.’ This is clearly not personal data, and Irish data protection law rightly places some valuable and reasonable limits on the data that has to be provided.”

Facebook makes the argument that by asking for data from “any other analytical procedure that Facebook runs” Schrems crosses the line between the data he has entered into the system that he has access to, and the processes Facebook uses to run their service. These are processes they want to keep to themselves the way a cook would their secret recipe: They are trade secrets developped at immense expense. This is a complex matter, one which Facebook confirms it is in contact with Max Schrems to discuss.

A Favorable Outcome for All?

As a European student, Max Schrems appears to be interested in this matter both as a man who should know how his personal data is being used and as a student of the law. When I spoke to him this week, I was interested in how positive he was that authorities and Facebook would respond favorably to the various complaints.

“At the beginning we just wanted to give it a try, because there is nothing we could lose. Now we are rather positive that the Irish authorities will make Facebook change a whole lot.

“If you read the interviews with the authority it seems like they are taking the cause very seriously.”

At present it isn’t clear how long we will have to wait before any decision is made and subsequent changes applied. But if Mr Schrems’ and his group’s actions result in Facebook users having better control over their personal data then this can only be a good thing. Certainly over the past few weeks and months this campaign has grown in stature, and been featured in the Huffington Post, The Guardian and The Independent newspapers in the UK and even Fox News!

Find out more about Max Schrems and Europe versus Facebook at