Feb 23, 2015 · 1 minute

Facebook's recently updated terms of service violate European laws governing the use of consumer data, according to a report commissioned by the Belgian privacy commission, even though concerns about the company's data practices have been raised since at least 2013.

The report criticizes many of Facebook's practices, from the use of consumer data to inform third-party advertisements to the lack of easily-understood privacy controls, and says the revised terms of service merely change the language used to violate European privacy laws.

Here's what the report says about Facebook's data collection:

Facebook combines data from an increasingly wide variety of sources (e.g., Instagram, [WhatsApp] and data brokers). By combining information from these sources, Facebook gains a deeper and more detailed profile of its users. Facebook only offers an opt-out system for its users in relation to profiling for third-party advertising purposes. The current practice does not meet the requirements for legally valid consent.
And here's what it says about Facebook's privacy settings:
According to the Article 29 Working Part, consent cannot be inferred from the data subject’s inaction with regard to [behavioral] marketing. As a result, Facebook’s opt-out system for advertising does not meet the requirements for legally valid consent. In addition, opt-outs for “Sponsored Stories” or collection of location data are simply not provided.
Finally, here's its conclusion about Facebook's respect for its users' rights:
Facebook’s terms do not properly acknowledge the data subject rights of its users. While mention is made of certain (limited) access rights and opt-out mechanisms, Facebook does not appear to give effect to data subject rights. For example, deleting one’s profile is an “all-or-nothing” exercise and only relates to “things you have posted, such as your photos and status updates”. Though users have some options to control the visibility of their information within their networks, they are not able to prevent Facebook from further using this information for its purposes.
The Independent reports that Facebook met with Belgian privacy minister Bart Tommelein to "persuade him that [the] new privacy policy is not in breach of the Belgian Data Protection Act." The company reportedly said criticism of the policy was rooted in "misunderstandings."

[illustration by Brad Jonas]