Governments and Facebook in the EU: a complicated relationship

New problems arise for Facebook (and its owner Meta) in the EU. After receiving a fine of €390 million from the Irish Data Protection Commission (DPC) over the legal basis for targeted advertising, the Dutch Data Protection Authority questioned the use of Facebook by governmental bodies.

The problem of Government Organizations’ Facebook page

In theory, any governmental body should guarantee that the processing of the personal data of citizens complies with the law. The Dutch Data Protection Authority (AP) observes that this is not the case if it is unclear what happens to the personal data of visitors of the Government organization’s Facebook page.

 

This decision does not come out of the blue.

 

  • Already in 2021, the Dutch Ministry of the Interior (BZK) itself investigated the possible privacy risks of the use of Facebook by the government and concluded (not surprisingly) that he does not have a good idea of ​​what Facebook does with the personal data of people who visit Dutch government pages.
  • In 2023, the BZK asked the AP whether the government could use Facebook. The AP’s advice to the BZK is now not to do this if there is uncertainty about privacy
  • Eventually, in March 2024, the AP released the decision under analysis, observing that the Government should not rely on online platforms, such as Facebook.

The rationale for the decision

To better understand the rationale of the decision, it is useful to look at the statement released by Aleid Wolfsen, chairman of the AP.

 

He stated:

Because people rely on the government for many things, they will quickly be inclined to use a platform like Facebook to communicate with the government. But government organizations should not use such platforms as a communication channel if they conclude that they cannot be sure what is happening with people’s data. It must be crystal clear what happens to your data. That is the norm”.

 

He also added:

If a platform threatens to black out your online account as soon as you do not agree to be followed online, that is not a free choice. Tech companies cannot force you to agree to track your behavior on the internet. For example, to sell your data to advertising companies. People sometimes depend on information on certain online platforms. Especially when it comes to government information, people have the right to access this information. Without having to pay for it and without having to sacrifice their privacy”.

 

Some final observations

The decision is comprehensive and does not raise any particular legal issue. It goes in the right direction, as it intends to protect citizens’ privacy rights against large Tech Companies. Early this week another decision, this time from the EDPB, states that social media platforms may not force users to be tracked. However, a question is not answered: why should EU Governments rely on a foreign private online platform to interact with their citizens?

 

Do you have more questions about the GDPR or Privacy in the EU? Please feel free to reach out to us at info@dpoconsultancy.nl.