In 2013 Max Schrems, an Austrian privacy activist, lodged a complaint at the commission for the privacy violation of Facebook. He argues that Facebook does not offer sufficient protection in the transferral of personal information to companies, organisations and the National Security Agency (NSA) in the US. Consequently the commission started with negotiations with the US to find a new agreement on the safe harbour scheme for privacy protection. Two years have passed and the European Commissioner for the Digital Single Market, Andrus Ansip, and European Commissioner for Justice, Vera Jourova, now want an agreement within three months. However there has been no compromise concerning the issue raised by Max Schrems.
The European Commission stated in 2013 that the «Transfer of personal data is an important and necessary element of the relationship and commercial exchanges for new growing digital businesses». The large-scale information gathering programmes of the United Stated have given rise to serious concerns that the requirements and guarantees of EU law are not being respected.
For instance the directive stipulates that an organisation must inform individuals about the purposes for which it collects and uses personal information. Facebook detects the websites that people visit on the Internet as well as their surfing habits and uses that for commercial purposes. For sensitive information an individual must be given affirmative or explicit (an opt in) choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or authorised by the individual. The Irish Court ruled that large-scale gathering of personal information could be necessary if Facebook shows an objective of public interest, such as national security or legitimate counter-terrorism. This condition is very rarely fulfilled.
Several proceedings started against Facebook for this kind of violations. The main problem lies with the PRISM, a security electronic surveillance program used by NSA to gather data from major US Internet companies. It is allowed access to personal information transferred from Facebook to the US, without the need for any objective justification. Facebook is already convicted, inter alia, in Belgium for violation of the Privacy Directive. Now it holds to see if other countries in the EU will follow.