The UK Information Commissioner’s Office (ICO) has joined data protection authorities from around the world in calling for more openness about the proposed Libra digital currency and infrastructure.

Per the letter:

  • The ambition to change the online payments landscape must work in tandem with people’s privacy expectations and rights.
  •  Facebook’s involvement is particularly significant, as

A Facebook “like” is actually more like “in a [Joint Controller] relationship” status, says the Court of Justice of the EU in a long awaited decision in the Fashion ID matter.

At issue: The legal framework surrounding embedding a Facebook “Like” button on your website.

When a user visits a website on which a Facebook “Like” button is installed, their personal data is transmitted to Facebook Ireland.

This includes:

  • the IP address of the visitor’s computer
  • technical data of the browser (so that the server can determine the format in which the content is delivered to this address)
  • information about the desired content.

The operator of the website is not able to determine the data that the browser transmits or what Facebook does with this data, especially if it decides to store and use it.

The transfer of information happens:

  • whether or not the individual is a member of the social network Facebook
  • whether or not the person has clicked on the “Like” button
  • in many cases, without the individual being aware that the information is being collected or transmitted to Facebook

Key takeaways:

A website operator and Facebook can be joint controllers for the data collected via the website on which the button is installed

The operator of a website that features a Facebook “Like” button can be a controller jointly with Facebook in respect to the collection and transmission to Facebook of the personal data of visitors to its website. However, the responsibility is limited to the operation or the set of personal data processing operations for which it actually determines the purposes and means, namely the collection and communication, by transmission, of the data in question.


Continue Reading

“The decision to impose documentation requirements, rather than bright line rules, represents a significant departure from how the government traditionally aims to protect the public. It is akin to if federal regulators, instead of ordering automakers to install seatbelts, ordered them to document the pros and cons of installing seatbelts, and to decide for themselves

The $5 billion fine levied against Facebook by the Federal Trade Commission is certainly headline news, but it also contains detailed requirements for privacy and information security governance and accountability that all companies can learn from and implement.

Big Picture Takeaways:

  • Facebook faces many detailed requirements for internal and external governance and oversight with

Standard Contractual Clauses: we’ll see you in (European) Court (of Justice).

“The European Court of Justice (ECJ) will hear a landmark privacy case regarding the transfer of EU citizens’ data to the United States in July, after Facebook’s bid to stop its referral was blocked by Ireland’s Supreme Court on Friday.”

“The Irish High Court,

Data-rich companies like Facebook have a unique opportunity to capitalize on the recent surge in regulatory scrutiny and turn it to their advantage.

Savvy tech companies are attuned to public opinion and won’t allow others to control the narrative. They are already taking steps to regain the upper hand in the privacy debate.

Facebook demonstrated

EU and U.S. officials finally unveiled the full text of the proposed EU-U.S. Privacy Shield framework earlier this week. The agreement is the culmination of a five-month negotiation to address European concerns regarding mass surveillance and personal data protection issues surrounding transatlantic data transfers. The European Commission’s Article 29 Working Party must now review and

The French data protection authority (CNIL) is placing Facebook’s EU-U.S. data transfer practices under new scrutiny over its use of the defunct Safe Harbor framework.

The agency issued a two-part order Feb. 8 requiring the social media company to stop using Safe Harbor to transfer data to the United States. Safe Harbor was nullified in