Facebook acted like the US’s National Security Agency, spying without authority on European users, lawyers representing the Belgian data protection authority said on Monday.
In opening arguments in a closely watched case being brought against the social network company, Frederic Debussere, representing the Belgian privacy commission (BPC), referred to NSA whistleblower Edward Snowden’s revelations about surreptitious mass surveillance by the spy agency.
“When it became known that the NSA was spying on people all around the world, everybody was upset. This actor [Facebook] is doing the very same thing, albeit in a different way,” he said.
The BPC brought a lawsuit against Facebook after accusing it of “trampling” over Belgian and European privacy law. In a report and an opinion the BPC detailed Facebook’s alleged breaches, including the tracking of non-users and logged-out Facebook users for advertising purposes.
The BPC is threatening Facebook with fine of €250,000 ($280,213) a day for failing to respond to its demands.
Cookie use in dispute
Facebook has repeatedly denied the claims, saying that the data and conclusions in the BPC’s Facebook privacy report are false.
A Facebook spokesperson said: “We will show the court how this technology protects people from spam, malware, and other attacks, that our practices are consistent with EU law and with those of the most popular Belgian websites.”
Facebook has also repeatedly stated that its European operations and practices are audited and governed by the Irish data protection agency, for the company’s European headquarters are situated in Dublin, Ireland.
Paul Lefebvre, representing Facebook, said: “How could Facebook be subject to Belgian law if the management of data gathering is being done by Facebook Ireland and its 900 employees in that country?”
‘Don’t be intimidated’
The case is being watched intently by the rest of Europe where data protection regulators across the region, including the Netherlands, have also begun to question Facebook’s privacy practices.
“Don’t be intimidated by Facebook,” said Debussere. “They will argue our demands cannot be implemented in Belgium alone. Our demands can be perfectly implemented just in this country.”
Facebook said: “We’ve repeatedly offered to help resolve the Belgian data protection authority’s concerns, but it instead took Facebook to court claiming we do things we don’t do. The Belgian data protection authority conceded its original case and is now trying to stop Facebook from using security technology because they misunderstand it.”
President of the Belgian commission Willem Debeuckelaere said in May that Facebook’s treating of users’ private lives “without respect needed tackling” and that it was a “make or break time”.
“We remain open to discussing these issues directly with Belgian Data Protection Authority as a better option than doing this through unnecessary litigation,” said a Facebook spokesperson.