The social network giant Facebook Inc. is facing tougher scrutiny in Europe after a Belgian watchdog group determined that the company’s privacy policy violates European Union law.

The Belgian government’s Privacy Commission enlisted the help of academics from the Catholic University of Leuven and the Free University of Brussels to scrutinize Facebook’s current privacy policy for several weeks to see if it complied with the requirements of EU privacy laws. In the report published on Monday by the Belgian Data Protection Authority, the two groups concluded that not only were the policies insufficient, but they were actually breaking the law.

“Much of the [Data Use Policy] consists of hypothetical and vague language rather than clear statements regarding the actual use of data,” the reports says. “Moreover, the choices Facebook offers to its users are limited. For many data uses, the only choice for users is to simply ‘take-it-or-leave-it’. If they do not accept, they can no longer use Facebook and may miss out on content exclusively shared on this platform. In other words, Facebook leverages its dominant position on the OSN market to legitimise the tracking of individuals’ behaviour across services and devices.”

Facebook policy lacks “sufficient” information

The report cites multiple issues with the way Facebook collects and utilizes user data, as well as the inadequacy of the privacy policy in explaining these uses. According to the report, Facebook fails to accurately inform users of how their information is tracked, how third-party apps use that information, how thoroughly users can delete their data, and so on.

“In conclusion, Facebook fails to provide (sufficient) granularity in exercising data subject’s rights,” the report says.

The report serves only to inform Belgian law-makers and has no authority itself, but its conclusions can lead to further actions against Facebook.

“We’re confident the [privacy policy] updates comply with applicable laws,” said a Facebook spokesperson. “As a company with international headquarters in Dublin, we routinely review product and policy updates ­ including this one with our regulator, the Irish Data Protection Commissioner, who oversees our compliance with the EU Data Protection Directive as implemented under Irish law.”

photo credit: System Lock via photopin (license)