Does The Safe Harbour Framework Really Protect Your Social Data?
The European Union has strict laws surrounding its citizens data and sees online privacy as a basic human right. However, the United States has a much more lax attitude to personal online data, with the main issues being linked to consumer rights. This division of views led to the EU-US Safe Harbour framework being created in 2000 as a way to help create stringent protocols for EU data reaching the US. Without the Safe Harbour framework it is prohibited to transport EU citizens data outside of the Eropean Union and the framework is there to protect sensitive data when being transmitted to the US.
The framework currently states that companies operating in the EU can only transmit citiscens’ data on a self-certify basis. However, the US government’s Prism data collection program breaches the EU’s privacy protection program, which means that the Safe Harbour framework does not apply for data being held by US businesses that is passed onto US intelligence agencies for widespread surveillance.
It has been argued that the Safe Harbour framework violates the EU’s Data Protection Directive and therefore cannot guarantee the protection of data coming from the EU. As a result it has been suggested by The European Commision that EU residents should not use Facebook if they want to keep their information secure from intelligence and security services in the US. There is no guarantee that data transmitted by other large companies such as Apple, Microsoft and Yahoo is protected either, and consequently these companies have all had complaints lodged against them regarding data transmission.
It has recently emerged that Facebook uses tracking cookies on web visitor’s computers, whether they opt out of tracking or not. A report compiled by the Belgian Privacy Commission details how Facebook tracks the movements of visitors who are logged out of the site or don’t even have an account, by placing tracking cookies on the visitor’s computer which last for two years. According to EU law, web visitors must give their consent for cookies to be placed on their computer, but Facebook is not only using these cookies without permission, it is also adding further cookies when a user visits a website suggested by Facebook to opt out.
The cookies are being used to track movements across the internet in order to sell targeted adverts and the cookies are also being placed and tracked by websites which feature only the ‘like’ button, including health and government information sites.
In monitoring users in this way, Facebook is in violation of data rights and EU privacy laws that require effective and consented opt in and opt out mechanisms. The report also found that the European Digital Advertising Alliance’s opt out service, which is used by Facebook, Google, Microsoft and other companies, is ineffective in the EU and does not prevent a web visitor from being tracked.
It is the kind of social data that Facebook gains from following its users around the web through cookies that the Safe Harbour framework does not properly protect. While the EU-US framework has strict privacy measures in place to protect the data of EU residents and prevent it being sent to areas with weaker privacy laws, information about browsing habits is not currently protected from being passed onto agencies when it reaches the US.
Short of never connecting to the internet again, how do EU residents keep their data safe? This is a question that cannot fully be answered unless companies are willing to comply with continental laws, but for now it may be wise to limit the use of Facebook. Complaints into the disregard of the Safe Harbour framework are currently being examined by the European Court of Justice which should reach an opinion before July. After that, it may be all change for the current Safe Harbour framework and it may at last be possible for users to confidently and privately browse the web.