Belgium’s DPA: Facebook subject to Belgian law

Facebook is disregarding Belgian and European Data Protection legislation, Belgium’s Data Protection Authority says. The DPA has adopted a recommendation, as opposed to a decision, which says that this was a necessary step after months of unsuccessful correspondence and fruitlessly exchanging ideas. The recommendation relates to Facebook, Facebook users and providers of Facebook services, particularly plug-ins.

Part of the problem is that Belgium’s Privacy Commission says that the Belgian DP law applies to Facebook, but the company considers itself only subject to Ireland’s law as it has its EU headquarters in Ireland. But Belgian citizens use the services, and the Facebook Group also has an establishment in Brussels, Belgium, the DPA says. In addition, managers of Facebook Belgium are top-ranking managers of US-based headquarters, Facebook Inc. The DPA concludes that Facebook Belgium is, therefore, subject to Belgian DP law.

The Privacy Commission's President, Willem Debeuckelaere, said: "Facebook is the social network par excellence which almost half of all Belgians are a member of. The way in which these members' and all Internet users' privacy is denied calls for measures. With this recommendation we have taken a first step towards Facebook and all Internet stakeholders who use Facebook, in order to ensure they start working in a privacy-friendly way. It's bend or break."

Facebook has run into the same problem in other EU countries. The EU DPAs have established a Task Force to work together on this issue – current members are Belgium, Germany (Hamburg), Spain, France and the Netherlands.

The DPA’s findings are based on a study conducted by Vrije Universiteit Brussels. The study analysed Facebook’s revised policies and terms.

Information about the study