EU vs Facebook: Will Internet Content Have an Expiration Date?

Comments Off

February 18, 2013 | Editor

Over on another channel, I’ve been writing about some of the grumblings towards the EU’s proposed changes to their landmark Data Protection Directive. The grumbles have come mostly, but not exclusively, from US social media companies–Facebook, Google, Yahoo, et. al.–who are finding the new “right-to-be-forgotten” rule to be more than just another annoyance crafted by EU technocrats.

The 1995 directive may not be most familiar legislation, but thanks to the efforts of Facebook and Google it has found its way into more than a few business headlines over the last few months. The original DPD law did in fact have a data deletion obligation in that “data controllers”–EU term for anyone who collects consumer data- were told not to keep data longer than was necessary “for the purposes for which the data were collected “.

Sensible advice. And anyone in the IT business with security in their title will cite best practices saying as much–if you want to reduce risks of a breach, for example, don’t store credit card numbers.

But with this new proposal, from the Article 29 Working Party–the cozy name given to the regulators charged with keeping the DPD fresh and lively–have raised the security bar a little higher. Data controllers are now responsible for ensuring that personal data has been made “public” must be erased from third party sites or databases containing a copy or link on request from the “data subject”–EU talk for you and me.

Facebook has been especially critical of this proposed rule. After looking through two of their offiicial comments on the subject, it appears their position has evolved or perhaps revealed itself over time.

In one comment to the EU from 2011, they made the point that Facebook subscribers expect data to be long lived, having described a power that the EU regulators never even claimed: deleting subscriber data withou their permission. Other socual media players (Yahoo and Ebay) had comments that were closer to being legitimate gripes: we should’t be asked to delete everything about a customer, especially for fraud purposes.

Closer to the truth is a letter (from March 2012) to the EU that the The Next Web folks dug up in their research. In it Facebook talks about the technical impossibility of tracking or monitoring posts and images that have been taken off Facebook’s walled garden and republished on the Intertoobz.

No exactly technically impossible, but Facebook is absolutely right when they say in their response that it’s not the way the Internet works. However, there are already companies, such as Tigertext, that encrypt text messaging and enforce an expiration date on content. It’s easy to understand Facebook’s protests: would be asked to implement tokens with time expiration dates–i.e., Kerboros or something like it–that would be used to decrypt and authenticate data among Facebook subscribers. Yikes!

The right-to-be-forgotten obligation would add another wall to Facebook’s garden–maybe something they wouldn’t entirely mind. While not completely foolproof, this centralized token-granting approach to privacy would certainly make it more difficult to casually reproduce content outside Facebook. And yes, this is not the way the Internet was supposed to work–URLs that require tokens. I suppose you could say its digital rights management for the rest of us.

Criticized by Facebook as standing in the way of innovation, the EU’s proposed erasure rule may just spur a new kind of social networking, with privacy as a foundation, and encourage a new breed of startups that will realize this vision.

Photo credit: Wikimedia

Tags: data protection directiveeuropean unionfacebooktigertext 

Comments are closed.

  • Suivez-moi

    New Jersey
    Technology blogger,social media consultant, and aspiring sous chef. Andy currently works as a Senior Digital Content Producer at Varonis. (
    since January 2008
    463 followers, 355 friends, 1750 tweets
    RT @repjohnlewis: 54 years ago today, I was beaten along w/ several Freedom Riders as we attempted to enter the Montgomery bus station. htt…
    May 20 2015 - 23:58
    RT @varonis: Grab the popcorn! The highs, the lows, the laughs, the tears. Let’s Go to the RSA Videos! #rsa http://t…
    May 20 2015 - 7:10
    Twitter REST API 1.1 - status OK