THE RIGHT TO PRIVACY IN THE DIGITAL AGE. A Facebook case study on the impact of the 2016 data protection reform

Charlotte De Cort
Persbericht

Recht op/ Keuze voor Privacy

De Evolutie van een Recht naar een Keuze Voor Privacy

Facebook, als u het gebruikt, bent u zeker en vast niet alleen. Wereldwijd gebruiken 1,5 miljard mensen Facebook. Het gebruik van Facebook brengt echter ook risico’s in verband met uw recht op privacy met zich mee. Misschien hebt u er al bij stilgestaan, het onderwerp is immers niet meer weg te denken uit de actualiteit. Dagelijks gebruiken we nieuwe technologieën die data over ons verzamelen. Het businessmodel van veel bedrijven is er op gestoeld winst te maken dankzij die data. In mijn thesis onderzocht ik hoe Europa onze data beschermt en hoe onze data in de toekomst beschermd zal worden.

Vandaag

Tot op vandaag wordt de bescherming van onze onlinedata geregeld door een Europese richtlijn die dateert van 1995. Aangezien er in 1998 amper sprake was van internetgebruik, laat staan van een sociaal netwerk zoals Facebook, was deze regelgeving echter dringend aan een update toe. Enquêtes toonden aan dat Europeanen zich zorgen maken over de bescherming van hun onlinegegevens. Dit zette de EU ertoe aan om in 2012 een hervorming voor te stellen. Deze hervorming werd in het najaar van 2016 goedgekeurd en zal in het najaar van 2018 definitief in werking treden.

In tussentijd is ons gebruik van Facebook en de gegevens die we erop delen nog steeds onderworpen aan regelgeving uit de jaren ’90. Wat blijkt echter? Deze regelgeving is geschreven op een algemene manier, waardoor veel van de praktijken die Facebook hanteert reeds dubieus zijn onder de huidige regelgeving. Waarom wordt hier dan niets aan gedaan? De achilleshiel van de oude regelgeving is de daadkracht die men aan de nationale autoriteiten heeft gegeven, of beter, niet heeft gegeven.

Dubieuze praktijken

U heeft misschien reeds opgemerkt dat de schoenen of de laptop, waarnaar u net nog aan het kijken was, plots in een advertentie verschijnen op Facebook. Dit heeft een logische verklaring. Vanaf het moment dat iemand eender welke pagina op Facebook bezoekt, met of zonder account, plaatst Facebook een cookie in de internetbrowser van de gebruiker. Via deze cookie kan Facebook meevolgen welke websites u bezoekt, of Facebook geopend is of niet, of u ingelogd bent of niet. De informatie die Facebook zo verzamelt, wordt gebruikt voor de verkoop van advertenties. Facebook creëert een profiel over elke gebruiker met interesses, politieke voorkeur enzovoort.

Facebook volgt niet enkel ons onlinegedrag. Ook offline gebruikt Facebook technologieën die toelaten om de fysieke locatie van gebruikers te volgen. Als je als gebruiker gebruik wilt maken van functies die toestaan om een foto aan een bepaalde locatie te linken, moet je Facebook op je gsm toelaten je locatie te gebruiken. Eens je deze toestemming gegeven hebt, zijn er geen mogelijkheden om het gebruik van je locatie in te perken. Facebook heeft zo de mogelijkheid om op elk moment te weten waar je je bevindt via de gps, de bluetooth en de wififunctie van je smartphone. Zelfs als je Facebook geen toegang geeft tot deze informatie, kan je onbewust informatie over je locatie met Facebook delen. Als je met je smartphone een foto neemt, zal automatisch informatie opgeslagen worden over de locatie van de foto. Indien je die foto later uploadt, wordt deze data opnieuw meegedeeld.

Deze twee praktijken, zijn maar twee frappante voorbeelden van de informatie waar Facebook toegang tot krijgt. Facebook is op zich een gratis dienst, maar in ruil geven we een deel van onze privacy op. Wat belangrijk is om te weten, is dat deze praktijken door de Belgische Privacycommissie strikt opgevolgd worden. Tot de nieuwe regelgeving in werking treedt kan men er echter weinig aan doen. Gebruikers stemmen in met al deze praktijken simpelweg door het aanmaken van een account. Aangezien gebruikers uit Europa bediend worden door een vestiging van Facebook in Ierland, kan alleen de Ierse databeschermingsautoriteit optreden. Het lijkt voorlopig dus onmogelijk om te ontsnappen aan tal van deze praktijken. Zelfs het verwijderen van uw account zal niet verhinderen dat uw surfgedrag bijgehouden wordt van zodra u eenmalig een Facebook-pagina van, bijvoorbeeld, een restaurant bezoekt.

Toekomst

Zal de toekomstige regelgeving iets kunnen veranderen aan deze situatie? Er lijkt alvast een positieve evolutie, in die zin dat de Belgische Privacycommissie ook bevoegd zal zijn en inbreuken op de regelgeving zal kunnen vaststellen. Meer nog, zal het mogelijk zijn om boetes tot 4% van de omzet op te leggen. In het verleden is reeds gebleken dat het opleggen van boetes één van de meest effectieve drukkingsmiddelen is om het naleven van de regels te forceren.

Uiteraard zijn er ook gemiste kansen, deze regelgeving is, zoals de meeste Europese regelgeving, het gevolg van een compromis tussen de verschillende Europese instellingen. Daarnaast is er nog nooit zoveel gelobbyd over een nieuwe regelgeving als voor deze.

De toekomst zal moeten uitwijzen hoe veel privacy mensen bereid zijn om op te geven in ruil voor het gratis gebruik van Facebook. Het recht op privacy zou wel eens kunnen evolueren naar een keuze voor privacy. Dat hoeft in principe niet per se een probleem te zijn, zolang de keuze reëel, bewust en geïnformeerd is. Het is aan Europa om het recht op deze keuze te beschermen.

CDC.

Bibliografie

BIBLIOGRAPHY

I. Legislation

UN General Assembly, International Covenant on Civil and Political Rights, 16 December 1966, UN Doc. A/6316 (1966).

UN General Assembly, International Convention on the Protection of the Rights of all Migrant Workers and Members of Their Families, 18 December 1990, UN Doc. A/RES/45/158 (1990).

UN General Assembly, Convention on the Rights of the Child, 20 November 1989, UN Doc. A/RES/44/25 (1989).

Treaty of Lisbon amending the Treaty on European Union and the Treaty establishing the European Community, signed at Lisbon, 13 December 2007, O.J. C 306, 17 December 2007, pp. 1–271.

Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts, O.J. L-95, 21 April 1993, pp.29-34.

Commission Decision 2000/520/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce, O.J. L-215, 25 August 2000, pp.7-47.

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market, O.J. L-178, 17 July 2000, pp.1-16.

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector, O.J. L-201, 31 July 2002, 37-47, as amended by Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and

Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws, O.J. L-337, 18 December 2009, pp.11-36.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, O.J. L-281, 23 November 1995, pp.31–50.

EU-US Privacy Shield Agreement, Annex II EU-U.S. Privacy Shield Framework Principles Issued By The U.S. Department Of Commerce, pp.4-7, 9-10, 14-18, 20-21.

European Commission, (2016). Draft Adequacy Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield, pp. 3-5.

European Commission, Proposal for a Directive on the protection of individuals with regards to processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data, 25 January 2012, COM 2012/0010 (COD).

European Commission, Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), 25 January 2012, COM 2012/0011 (COD).

European Parliament, Legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Ordinary legislative procedure: first reading, 12 March 2014, C7-0025/2012 – COM 2012/0011(COD).

European Council, Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) - Preparation of a general approach, 15 June 2015, COM 2012/0011 (COD).

Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), O.J. L-119, 4 May 2016, pp. 1-88.

Consolidated version of the Treaty on the Functioning of the European Union, O.J. C-326, 26 October 2012, pp. 47–390.

Charter of Fundamental Rights of the European Union, O.J. C-326, 26 October 2012, pp. 391–407.

Regulation No 593/2008 of the European Parliament and of the Council of 17 June 2008 on the law applicable to contractual obligations (Rome I), O.J. L-177, 4 July 2008, pp. 6–16.

Gerechtelijk Wetboek, BS 31 oktober 1967, p.11360. (Belgian Judicial Code).

Wet van 8 december 1992 tot bescherming van de persoonlijke levenssfeer ten opzichte van de verwerking van persoonsgegevens, BS 13 maart 1993. (Belgian Privacy Act).

Loi n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés, Journal officiel du 7 janvier 1978 et rectificatif au J.O. du 25 janvier 1978. (French Data Protection Act)

Bundesdatenschutzgesetz (BDSG) vom 20. Dezember 1990 (BGBl. I S. 2954), neugefasst durch Bekanntmachung vom 14. Januar 2003 (BGBl. I S. 66), zuletzt geändert durch Gesetz vom 29.07.2009 (BGBl. I, S. 2254), durch Artikel 5 des Gesetzes vom 29.07.2009 (BGBl. I, S. 2355 [2384] und durch Gesetz vom 14.08.2009 (BGBl. I, S. 2814). (German Federal Data Protection Act).

Urheberrechtsgesetz vom 9. September 1965 (BGBl. I S. 1273), das durch Artikel 7 des Gesetzes vom 4. April 2016 (BGBl. I S. 558) geändert worden ist. (German Copyright Act).

Data Protection Act 1998. (UK Data Protection Act).

II. Case Law

ECHR

Klass and others v Federal Republic of Germany [1979]5029/71 Series A No. 28 (ECHR). Leander v. Sweden [1987]9248/81 (ECHR).

Malone v. The United Kingdom [1984]8691/79 (ECHR).

X. v. Iceland [1976]6825/74 (ECHR).

CJEU

Albako Margarinefabrik Maria von der Linde GmbH & Co. KG v Bundesanstalt für landwirtschaftliche Marktordnung [1987]C-249/85 (CJEU).

Content Services Ltd v. Bundesarbeitskammer [2012]C-49/12 (CJEU).

Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (es), Mario Costeja González [2014]C-131/12 (CJEU).

Joined cases Asociación Nacional de Establecimientos Financieros de Crédito (ASNEF) and Federación de Comercio Electrónico y Marketing Directo (FECEMD) v. Administración del Estado [2011]C-468/10 and C-469/10 (CJEU).

Joined cases Tele2 Sverige AB v. Post- och telestyrelsen and Secretary of State for the Home Department v. Davis and Others, C-203/25 and C-698/15 (CJEU).

Maximilian Schrems v. Data Protection Commissioner [2016]C-362/14 (CJEU).

Mediaset SpA v. Ministero dello Sviluppo economico [2014]C-69/13 (CJEU).

Opinion of Advocate General Bot, Maximilian Schrems v. Data Protection Commissioner [2016] C-362/14 (CJEU), §141.

Parliament v. Council and Commission [2006]C-317/04 and C-318 04 (CJEU), §56.

Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM) [2011]C-70/10 (CJEU).

NATIONAL COURTS

Court of Cassation, 21 May 1987, Pas. 1987, I, 1160.

Belgian Commission For The Protection Of Privacy V. Facebook INC., Facebook Belgium SPRL And Facebook Ireland Limited 15/57/C (Dutch Speaking Court of First Instance Brussels 2015).

Landgericht Berlin, Urtail vom 6. März 2012, (16 O 551/10), available at http://openjur.de/u/269310.html.

The Rachel Affaire [1858] D.P. III 62 (Tribunal civil de la Seine).

III. Policy Documents

Article 29 Working Party, (2007). Opinion 4/2007 on the concept of personal data. pp.16- 17.

Article 29 Working Party, (2010). Opinion 2/2010 on online behavioural advertising. p.15.

Article 29 Working Party, (2010). Opinion 8/2010 on applicable law. p.25.

Article 29 Working Party, (2011). Opinion 13/2011 on Geolocation services on smart mobile devices. pp.19-20.

Article 29 Working Party, (2011). Opinion 15/2011 on the definition of consent. pp.11, 18, 21-25.

Article 29 Working Party, (2012). Opinion 04/2012 on Cookie Consent Exemption. p.9.

Article 29 Working Party, (2013). Opinion 03/2013 on Purpose Limitation. pp.15-16.

Article 29 Working Party, (2014). Letter to Larry Page. Google Privacy Policy - Appendix. p.2.

Article 29 Working Party, (2014). Opinion 05/2014 on Anonymisation Techniques. p.23. Article 29 Working Party, (2016). Opinion 01/2016 on the EU – US Privacy Shield draft adequacy decision. pp.3, 17, 24-25, 27, 39, 45-57.

Australian Law Reform Commission, (2008). Report 108 Volume 2. pp.1132-1134.

CNIL, (2012). CNIL Review of Google’s New Privacy Policy: Incomplete Information and Uncontrolled Combination of Data across Services. p.2.

College Bescherming Persoonsgegevens, (2013). Investigation into the Combining of Personal Data by Google - Report of Definitive Findings. Den Haag, pp.66-68.

Data Protection Commissioner, (2012). Facebook Ireland Limited – Report of Re-Audit. pp.22, 42.

Data Protection Commissioner, (n.d.). Guidance Note on Data Protection in the Electronic Communications Sector. p.3.

ICO, (2015). Information Commissioner’s guidance about the issue of monetary penalties prepared and issued under Section 55C (1) of the Data Protection Act 1998. pp.6-8.

OECD, (2013). Privacy Guidelines. Available at: http://www.oecd.org/internet/ieconomy/privacy-guidelines.htm [Accessed 20 April 2016].

Office of the Privacy Commissioner of Canada, (2012). Getting Accountability Right with a Privacy Management Program.

IV. Legal Doctrine

Acar, G., Van Alsenoy, B., Piessens, F., Diaz, C. and Preneel, B. (2015). Facebook Tracking Through Social Plug-ins. [online] pp.2, 6, 12-13, 15, 17-19, 21-23. Available at: https://securehomes.esat.kuleuven.be/~gacar/fb_tracking/fb_plugins.pdf [Accessed 4 May 2016].

Acar, G., Verdoodt, V., Wauters, E., Van Alsenoy, B., Heyman, R. and Ausloos, J. (2015).

From social media service to advertising network: a critical analysis of Facebook’s Revised Policies and Terms v.1.3. [online] pp.8, 12-17, 38, 55, 61-69, 73-79, 90-93, 98-99, 104-109. Available at: https://www.researchgate.net/publication/291147719_From_social_media_se… ertising_network_-_A_critical_analysis_of_Facebook's_Revised_Policies_and_Terms[Accessed 4 May 2016].

Belgian Privacycommission.be. (n.d.). Ik ben een internetgebruiker, hoe kan ik mij beschermen tegen tracking door social plug-ins? | Privacycommissie. [online] Available at: https://www.privacycommission.be/nl/ik-ben-een-internetgebruiker-hoe-ka…- beschermen-tegen-tracking-door-social-plug-ins [Accessed 18 Apr. 2016].

Burke, K. (1981). Secret Surveillance and the European Convention on Human Rights. Stanford Law Review, 33(6), p.1122.

Craig, P. and De Bú rca, G. (1998). EU law. Oxford: Oxford University Press.

Cropper, L. (2016). EU-US Privacy Shield: The Article 29 Working Party raises its concerns. [online] Privacylawblog.fieldfisher.com. Available at: http://privacylawblog.fieldfisher.com/2016/eu-us-privacy-shield-the-art…- party-raises-its-concerns/ [Accessed 3 May 2016].

Davidson, B. (2016). Getting to know the General Data Protection Regulation, Part 7 - Accountability Principles = More Paperwork. [online] Privacylawblog.fieldfisher.com. Available at: http://privacylawblog.fieldfisher.com/2016/getting-to-know-the-general- data-protection-regulation-part-7-accountability-principles-more-paperwork [Accessed 4 May 2016].

DLA Piper, (2016). Data Protection Law of the World. pp.137-149, 482-487.

Dunphy-Moriel, M. and Power, L. (2015). Getting to know the General Data Protection Regulation, Part 3 – If you receive personal data from a third party, you may need to "re-think" your legal justification for processing it. [online] Privacylawblog.fieldfisher.com. Available at: http://privacylawblog.fieldfisher.com/2015/getting-to-know-the-general-…- regulation-part-3-if-you-receive-personal-data-from-a-third-party-you-may-need-to-re- think-your-legal-justification-for-processing-it [Accessed 4 May 2016].

Ernst & Young, (2009). Privacy and Data Protection Law: European Developments. European Union Agency for Fundamental Rights, (2014).

Handbook Data Protection. pp.14, 17-18, 20-21.

Hauch, J. (1994). Protecting Private Facts in France: The Warren & Brandeis Tort is Alive and Well and Flourishing in Paris. Tulane Law Review, 68(1219).

Keller, D. (2015). The Final Draft of Europe's "Right to Be Forgotten" Law. [online] Center for Internet and Society. Available at: http://cyberlaw.stanford.edu/blog/2015/12/final- draft-europes-right-be-forgotten-law [Accessed 4 May 2016].

Lee, P. (2015). Getting to know the GDPR, Part 1 - You may be processing more personal information than you think. [online] Privacylawblog.fieldfisher.com. Available at: http://privacylawblog.fieldfisher.com/2015/getting-to-know-the-gdpr-par…- processing-more-personal-information-than-you-think [Accessed 4 May 2016].

Lee, P. (2016). The Privacy Shield – is it any good then?. [online] Privacylawblog.fieldfisher.com. Available at: http://privacylawblog.fieldfisher.com/2016/the-privacy-shield-is-it-any… [Accessed 4 May 2016].

Mahmood, S. and Power, L. (2016). Getting to know the General Data Protection Regulation, Part 6 – Designing for compliance. [online] Privacylawblog.fieldfisher.com. Available at: http://privacylawblog.fieldfisher.com/2016/getting-to-know-the-general- data-protection-regulation-part-6-designing-for-compliance/ [Accessed 4 May 2016].

Maldoff, G. (2016). Top 10 operational impacts of the GDPR: Part 3 – consent. [online] The International Association of Privacy Professionals. Available at: https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-3-c… [Accessed 4 May 2016].

Paez, M. (2009). Germany Strengthens Data Protection Act, Introduces Data Breach Notification Requirement. [online] Jones Day. Available at: http://www.jonesday.com/germany-strengthens-data-protection-act-introdu…- breach-notification-requirement-10-26-2009/#_edn15 [Accessed 4 May 2016].

Paez, M., von Diemar, U., Little, J., Robertson, E., Bru, P., Haas, O. and De Muyter, L. (2015). Agreement Reached on the European Reform of Data Protection. [online] Jones Day. Available at: http://www.jonesday.com/agreement-reached-on-the-european-reform-of- data-protection-12-17-2015/ [Accessed 4 May 2016].

Patrikios, A. (2015). Getting to know the GDPR, Part 2 – Out-of-scope today, in scope in the future. What is caught?. [online] Privacylawblog.fieldfisher.com. Available at: http://privacylawblog.fieldfisher.com/2015/getting-to-know-the-gdpr-par…- today-in-scope-in-the-future-what-is-caught [Accessed 4 May 2016].

Power, L. (2016). Getting to know the GDPR, Part 9 – Data transfer restrictions are here to stay, but so are BCR. [online] Privacylawblog.fieldfisher.com. Available at: http://privacylawblog.fieldfisher.com/2016/getting-to-know-the-gdpr-par…- transfer-restrictions-are-here-to-stay-but-so-are-bcr/ [Accessed 4 May 2016].

Privacylawblog.fieldfisher.com. (2016). Getting to know the General Data Protection Regulation - Part 8. [online] Available at: http://privacylawblog.fieldfisher.com/2016/getting-to-know-the-general-…- regulation-part-8-you-may-need-to-appoint-a-data-protection-officer/ [Accessed 4 May 2016].

Proust, O. (2015). Getting to know the GDPR, Part 5: Your big data analytics and profiling activities may be seriously curtailed. [online] Privacylawblog.fieldfisher.com. Available at:

http://privacylawblog.fieldfisher.com/2015/getting-to-know-the-gdpr-par…- data-analytics-and-profiling-activities-may-be-seriously-curtailed [Accessed 4 May 2016].

Ragno, F. (2009). The Law Applicable to Consumer Contracts under the Rome I Regulation. In: F. Ferrari and S. Leible, ed., Rome I Regulation: The Law Applicable to Contractual Obligations in Europe, 1st ed. Munich: sellier. european law publishers, pp.147- 149.

Ryssdal, R. (1991). Data Protection and the European Convention on Human Rights in Council of Europe Data protection, human rights and democratic values. In: XIII Conference of the Data Protection Commissioners. pp.41-43.

Sartor, G. (2013). Providers' liabilities and the right to be forgotten. European University Institute, p.9.

Strossen, N. (1990). Recent US and International Judicial Protection of Individual Rights: A comparative Legal Process Analysis and Proposed Synthesis. Hastings Law Journal, 41, p.805.

Swire, P. and Lagos, Y. (2013). Why the Right to Data Portability Likely Reduces Consumer Welfare: Antitrust and Privacy Critique. Maryland Law Review, 72, pp.335-380.

Van Canneyt, T. and Power, L. (2015). Getting to know the GDPR, Part 4 – "Souped-up" individual rights. [online] Privacylawblog.fieldfisher.com. Available at: http://privacylawblog.fieldfisher.com/2015/getting-to-know-the-gdpr-par…- individual-rights/ [Accessed 4 May 2016].

Van Eecke, P. and Truyens, M. (2010). Privacy and social networks. Computer Law & Security Review, 26(5), pp.535-546.

Warren, S. and Brandeis, L. (1980). The Right to Privacy. Harvard Law Review, IV(5). V. Press Releases

OECD, (2011). Thirty years after the OECD Privacy Guidelines. [online] Available at: http://www.oecd.org/sti/ieconomy/49710223.pdf [Accessed 4 May 2016].

European Commission, (2012). Commission proposes a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses. [online] Available at: http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en [Accessed 4 May 2016].

European Commission, (2015). Agreement on Commission's EU data protection reform will boost Digital Single Market. [online] Available at: http://europa.eu/rapid/press- release_IP-15-6321_en.htm [Accessed 4 May 2016].

European Commission, (2016). EU Commission and United States agree on new framework for transatlantic data flows: EU-US Privacy Shield. [online] Available at: http://europa.eu/rapid/press-release_IP-16-216_en.htm [Accessed 4 May 2016].

European Commission, (2016). EU-U.S. Privacy Shield: Frequently Asked Questions. [online] Available at: http://europa.eu/rapid/press-release_MEMO-16-434_en.htm [Accessed 6 May 2016].

European Commission, (2016). Joint Statement on the final adoption of the new EU rules for personal data protection. [online] Available at: http://europa.eu/rapid/press- release_STATEMENT-16-1403_en.htm [Accessed 15 May 2016].

European Commission, (2016). Restoring trust in transatlantic data flows through strong safeguards: European Commission presents EU-U.S. Privacy Shield. [online] Available at: http://europa.eu/rapid/press-release_IP-16-433_en.htm [Accessed 6 May 2016].

Belgian Privacy Commission, (2015). On 13 May the Belgian Privacy Commission adopted a first recommendation of principle on Facebook. [online] Available at: https://www.privacycommission.be/en/news/13-may-belgian-privacy-commiss…- adopted-first-recommendation-principle-facebook [Accessed 15 May 2016].

Belgian Privacy Commission, (2015). The judgment in the Facebook case. [online] Available at: https://www.privacycommission.be/en/news/judgment-facebook-case [Accessed 4 May 2016].

CNIL, (2015). Un nouveau label CNIL gouvernance Informatique et Libertés. [online] Available at: https://www.cnil.fr/fr/un-nouveau-label-cnil-gouvernance-informatique-et- libertes [Accessed 4 May 2016].

VI. Media Coverage

Bracy, J. (2016). CNIL gives Facebook three months to comply with privacy order. [online] International Association of Privacy Professionals. Available at: https://iapp.org/news/a/cnil-gives-facebook-three-months-to-comply-with… [Accessed 10 May 2016].

Drozdiak, N. (2015). Belgian Privacy Watchdog Hails Facebook Court Ruling. Wall Street Journal. [online] Available at http://www.wsj.com/articles/belgian-privacy-watchdog-hails- facebook-court-ruling-1447162169 [Accessed 4 May 2016].

Fioretti, J. (2015). EU can suspend new data transfer pact with U.S. if worried about privacy: Official. [online] Reuters. Available at: http://www.reuters.com/article/us-eu- dataprotection-usa- idUSKBN0TT1FG20151210?feedType=RSS&feedName=technologyNews#ZPodROJISjvM0i wL.97 [Accessed 4 May 2016].

Fioretti, J. (2015). Max Schrems: the law student who took on Facebook. Reuters. [online] Available at: http://www.reuters.com/article/us-eu-ireland-privacy-schrems- idUSKCN0S124020151007 [Accessed 15 May 2016].

Fioretti, J. (2016). French data privacy regulator cracks down on Facebook. Reuters. [online] Available at: http://www.reuters.com/article/us-facebook-france-privacy- idUSKCN0VH1U1 [Accessed 14 May 2016].

Johnson, B. (2010). Privacy no longer a social norm, says Facebook founder. The Guardian. [online] Available at: https://www.theguardian.com/technology/2010/jan/11/facebook-privacy [Accessed 15 May 2016].

Meyer, D. (2016). Facebook Hit With German Antitrust Investigation Over User Terms. Fortune. [online] Available at: http://fortune.com/2016/03/02/facebook-germany- antitrust/ [Accessed 14 May 2016].

Perez, M. (2008). T-Mobile Lost 17 Million Subscribers' Personal Data. InformationWeek. [online] Available at: http://www.informationweek.com/ news/security/attacks/showArticle.jhtml?articleID=210700232 [Accessed 4 May 2016].

Schechner, S. (2014). Max Schrems Vs. Facebook: Activist Takes Aim at U.S.-EU Safe Harbor. Wall Street Journal. [online] Available at: http://blogs.wsj.com/digits/2014/11/20/max-schrems-vs-facebook-activist…- u-s-eu-safe-harbor/ [Accessed 4 May 2016].

VII. Facebook

Facebook Ad Settings. (n.d.). Facebook. [online] Available at: https://www.facebook.com/settings?tab=ads [Accessed 14 May 2016].

Facebook Developers. (n.d.). Social Plugins - Documentation - Facebook for Developers. [online] Available at: https://developers.facebook.com/docs/plugins [Accessed 18 April 2016].

Facebook Investor Relations. (2015). Facebook Reports Third Quarter 2015 Results - Facebook. [online] Available at: http://investor.fb.com/releasedetail.cfm?ReleaseID=940609 [Accessed 5 May 2016].

Facebook Newsroom. (2015). Setting the Record Straight on a Belgian Academic Report. [online] Available at: http://newsroom.fb.com/news/h/setting-the-record-straight-on-a- belgian-academic-report/ [Accessed 16 May 2016].

Facebook Newsroom. (n.d.). Company Info. [online] http://newsroom.fb.com/company-info/ [Accessed 5 May 2016].

Facebook. (2015). Data Policy. [online] https://www.facebook.com/policy.php [Accessed 5 May 2016].

Facebook. (2016). Terms of Service. [online] https://www.facebook.com/terms [Accessed 5 May 2016]. (Terms of Service)

Facebook. (n.d.). Audience Targeting Options - Help Center. [online] Available at: https://www.facebook.com/help/633474486707199 [Accessed 21 April 2016].

Facebook. (n.d.). Can I target my ad to people based on their age and gender? - Help Center. [online] Available at: https://www.facebook.com/help/813939365351532 [Accessed 21 April 2016].

Facebook. (n.d.). Control the ads you see - About Advertising on Facebook. [online] Available at: http://facebook.com/about/ads [Accessed 18 April 2016].

Facebook. (n.d.). Cookies, Pixels & Similar Technologies. [online] Available at: https://www.facebook.com/help/cookies/update [Accessed 5 May 2016].

Facebook. (n.d.). Does Facebook use my name or photo in ads? - About Facebook Ads | Facebook Help Center. [online] Available at: https://www.facebook.com/help/769828729705201/ [Accessed 5 April 2016].

Facebook. (n.d.). How can I download my information from Facebook? | Facebook Help Center | Facebook. [online] Available at: https://www.facebook.com/help/212802592074644 [Accessed 30 April 2016].

Facebook. (n.d.). How do I target education levels, specific schools, fields of study or specific graduation years? - Help Center. [online] Available at: https://www.facebook.com/help/227971680551772 [Accessed 21 April 2016].

Facebook. (n.d.). How does Facebook know when people are in the locations I am targeting? - Help Center. [online] Available at: https://www.facebook.com/business/help/133609753380850 [Accessed 19 April 2016].

Facebook. (n.d.). Nearby Friends | Facebook Help Center | Facebook. [online] Available at: https://www.facebook.com/help/629537553762715/ [Accessed 19 April 2016].

Facebook. (n.d.). What are audience behaviours? - Help Center. [online] Available at: https://www.facebook.com/help/243268465859743 [Accessed 21 April 2016].

Facebook. (n.d.). What is a custom audience? - Help Center. [online] Available at: https://www.facebook.com/help/341425252616329 [Accessed 5 May 2016].

Facebook. (n.d.). What is connections targeting? - Help Center. [online] Available at: https://www.facebook.com/help/186282224754628 [Accessed 21 April 2016].

Facebook. (n.d.). What is interests targeting? - Help Center. [online] Available at: https://www.facebook.com/help/188888021162119 [Accessed 21 April 2016].

Facebook. (n.d.). What options do I have when selecting people within a location? - Help Center. [online] Available at: https://www.facebook.com/help/755086584528141 [Accessed 21 April 2016].

VIII. Other

Biography. (2016). Edward Snowden. [online] Available at: http://www.biography.com/people/edward-snowden-21262897 [Accessed 15 May 2016].

Biography. (2016). Mark Zuckerberg. [online] Available at: http://www.biography.com/people/mark-zuckerberg-507402 [Accessed 15 May 2016].

Europe versus facebook. (n.d.). Get Your Data. [online] Available at: http://europe-v- facebook.org/EN/Get_your_Data_/get_your_data_.html [Accessed 14 May 2016].

European Commission, (2015). Special Eurobarometer 431 “Data protection”. [online] European Union, p.115. Available at: http://ec.europa.eu/public_opinion/archives/ebs/ebs_431_en.pdf [Accessed 14 May 2016].

International Telecommunication Union (ITU). (2015). Statistics - Global ICT Developments. [online] Available at: http://www.itu.int/en/ITU- D/Statistics/Pages/stat/default.aspx [Accessed 14 May 2016].

Lee, Phil, and Mark Webber. "GDPR 1.0 - Top 10 Things You Need To Know!". Presentation, SanDisk Corporation, 2016.

Lobbyplag. (n.d.). LobbyPlag: Amendments. [online] Available at: http://lobbyplag.eu/map/article/17 [Accessed 9 May 2016].

Mashable. (n.d.). Pete Cashmore. [online] Available at: http://mashable.com/people/petecashmore/ [Accessed 15 May 2016].

Mozilla Support. (n.d.). Disable third-party cookies in Firefox to stop some types of tracking by advertisers | Firefox Help. [online] Available at: https://support.mozilla.org/en- US/kb/disable-third-party-cookies. [Accessed 7 May 2016].

Rainie, L. and Anderson, J. (2014). The Future of Privacy - Elaborations: More Expert Responses. [online] Pew Research Center: Internet, Science & Tech. Available at: http://www.pewinternet.org/2014/12/18/future-of-privacy/ [Accessed 16 May 2016].

Snowden, E. (2015). Just days left to kill mass surveillance under Section 215 of the Patriot Act. We are Edward Snowden and the ACLU’s Jameel Jaffer. AUA. • /r/IAmA. [online] reddit. Available at: https://www.reddit.com/r/IAmA/comments/36ru89/just_days_left_to_kill_ma… ce_under/crglgh2 [Accessed 15 May 2016].

Snowden, E. (2016). Edward Snowden on Twitter. [online] Twitter. Available at: https://twitter.com/Snowden/status/694571566990921728 [Accessed 6 May 2016].

The Center for Internet and Society. (n.d.). Stanford Law School - Daphne Keller. [online] Available at: http://cyberlaw.stanford.edu/about/people/daphne-keller [Accessed 14 May 2016]. 

Universiteit of Hogeschool
Master of Laws
Publicatiejaar
2016
Promotor(en)
Prof. dr. Yves Haeck
Kernwoorden
Share this on: