French privacy regulators move against Facebook ahead of Privacy Shield
CNIL, the French data protection authority, has come down hard on Facebook. It gave the social media giant only three months to stop tracking non-users' web activities and ordered a stop on data transfers to the U.S. Interestingly, this could mean more than just a French action. It could pressure the EU to follow suit instead of waiting on the Privacy Shield to fail or be approved as was originally the plan.
"The statement shows that EU DPAs are not simply waiting for Privacy Shield to be adopted," said Luca Schiavoni, Senior Analyst, Regulation, at advisory firm Ovum.
"Privacy Shield is supposed to replace the now-defunct Safe Harbor agreement, which ensured the smooth transfer of personal data between the EU and the U.S. However, following last week's announcement by the European Commission, it is yet to be finalized and is already attracting skepticism about its effectiveness from many stakeholders."
However, there may be more than eyebrow-raising skepticism at work here.
"Strikingly, the head of the CNIL is also the head of the Article 29 Working Party, which groups together EU DPAs and sets out their common positions on privacy issues," said Schiavoni.
"Last week, the Article 29 Working Party said that it is ready to wait until April to see the Privacy Shield approved and in force," he added. "Monday's move from the CNIL signals the French DPA's clear intention to put pressure on the EU to obtain a meaningful and functional deal with the US and to ensure that protection of EU citizens' personal data does not remain a mere principle."
It's clear that privacy issues are not going to go away and lip service isn't going to solve anything. Citizens all over the world are insisting on meaningful protective measures from regulators. It is rather striking that U.S. citizens are not clamoring quite so loudly for privacy protection along these same lines from Facebook. That may be simply because too few Americans realize that Facebook tracks even non-users across the web.
It doesn't help that U.S. lawmakers are lukewarm if not cold on privacy issues. But we don't necessarily yet know how serious the French regulators are either.
"We will have to wait for three months to see if the CNIL will follow up on its stated intentions," said Schiavoni.
- see this Reuters report
Safe Harbor deal tentatively struck between US and European Union
Lack of data privacy rights in US may end European 'Safe Harbour' agreement
Missed chance for Safe Harbor 2.0 means we'll likely see stricter EU data privacy rules