Schrems contends that Facebook collects too much information on its users, keeps it too long and uses it for purposes that violate European privacy laws. As evidence, he points to the 1,222 pages of data the social media company catalogued on him before he formally requested his file from Facebook last year.
The account it offered of his life — every friendship declared, every photo uploaded, every “poke” or comment or invitation sent or received over three years of casual use — sparked an online sensation when he posted it on a Web site he christened “europe-v-facebook.org.” Within a few months, 40,000 users had requested their own data, overwhelming Facebook’s system for handling requests under what until then had been a little-known provision of European law.
A year later, regulators are engaged, and the social media site has made a series of changes to its privacy controls.
Yet Schrems and his small band of supporters are still bridling for a definitive legal showdown that could lead to sharp new limits on how Facebook and other Internet companies collect and use the personal information of their users, in Europe and beyond. At the core of the fight is one of the overarching questions of our time: Who has rights to the trillions of bits of data users create online every day?
“We’re right now defining what our world is going to look like in 20 years,” said Schrems, who has sandy brown hair and a faint resemblance to Facebook founder Mark Zuckerberg.
The issues raised by Schrems speak to the dilemma facing the company as it seeks to meet Wall Street’s demands for greater profitability in the aftermath of a troubled initial stock offering in May. Advertisers want access to more data for better targeting of their messages, but users have rebelled when they think Facebook has gone too far in sharing their information.
The company has disputed the most sweeping of the allegations by Schrems and says it collects only the data it needs to keep the social media site working smoothly. It also has added controls and changed some features, announcing last month that it was blocking a tool in Europe that sought to identify the faces of users whose photos are uploaded to the site.
Facebook officials have met with Schrems personally and had extensive contact with European officials. Richard Allan, the company’s top policy executive in Europe, said the reaction provoked by Schrems shows the responsiveness of the regulatory system.
Facebook has taken steps toward addressing concerns from regulators in Ireland, where Facebook headquarters its European operations, said Gary Davis, the deputy data protection commissioner in Ireland. “They’re highly engaged, there’s no question,” he said. “Facebook wants to be in a position that is in compliance with European law.”