HG Alert: Facebook at Risk of Breaching Privacy Laws - 2 Aug 2010

With over 400 million active users worldwide, Facebook is a force to be reckoned with. However, by collecting information about people who do not have a Facebook page, the popular social networking site could be contravening privacy laws.

Facebook enables users to identify people who don't use Facebook by, for example, 'tagging' someone in a photo or listing someone else's email address as a contact. In normal circumstances, when a user signs up to Facebook, they consent to their personal information being collected for certain purposes, which are outlined in Facebook's privacy policy. The same cannot be said for people who do not have a Facebook page.

In Germany, officials have begun legal proceedings against Facebook, alleging that the site has illegally collected personal information about people who do not have a Facebook page. The German data protection office argues that saving data from third parties is against their privacy laws, and claims to have received numerous complaints from people who have not signed up to Facebook but have had their details added to the website by friends. Facebook is alleged to have used those details for marketing purposes.

Germany has some of the strictest privacy laws in the world. It was the first country to launch an investigation into Google for intercepting personal data from unsecured wireless networks while gathering photos and data for its 'Street View' project.

Under Australian law, if an organisation collects personal information about an individual from someone else, it must take reasonable steps to ensure that individual is made aware of certain information, normally through a privacy policy. If Facebook 'collects' personal information about an individual from someone else in a way that triggers the extra-territorial application of the Privacy Act 1998 (Cth), then it is required to comply with the sections in the Act that govern such collection.

The Australian Privacy Commissioner has powers to investigate and resolve contraventions of the Privacy Act. It can require that an organisation issues an apology, order an organisation to change its practices, and/or award compensation.

The Federal Government is currently considering a draft set of Australian Privacy Principles, which would replace the existing National Privacy Principles contained in the Privacy Act. The new principles would unify the law applying to private organisations and government organisations.

For more information, please contact HopgoodGanim's Intellectual Property and Technology practice.