[Kristine1975]

>Facebook faces a fine of 250,000 euros ($269,000) a day

Facebook's net income in 2014 was US$2.94 billion, according to Wikipedia. I'm not so sure they will care about a fine that low. Especially if they expect to make more money by continuing to store non-users' personal data.

[ladybro]

Meh, $94MM a year is still probably not worth it just to store non-users data from Belgium.

[cm2187]

All they need is a simple filter by country of IP. The question is rather they are willing to comply given that this may spread across Europe very quickly.

[vidarh]

It will spread.

Basically, if Facebook is really building up profiles of people, then the EU standpoint is clear across the board that you don't even need to be able to actually name the person from the data in order to be governed by the data protection laws, and e.g. details like IP addresses that are not considered personally identifiable by themselves easily becomes so when combined with other data.

It is very unlikely that they are compliant anywhere in the EEA if they're not compliant in Belgium.

Their argument that they're only subject to privacy laws in Ireland is a total non-starter, as it "worst case" for Belgian authorities just means they'll have to go after Facebook in Ireland, and given that all EEA countries have privacy legislation closely modelled after the Data Protection Directive, it's highly unlikely they'll get a better result there (and if they do, it'll get appealed, and if they win an appeal, the law is likely to get changed.

If they are maintaining shadow profiles, then what they do is very, very obviously at odds with the principles the Directive are based on). More likely I'd expect Belgian courts to insist they have jurisdiction on behalf of victims in Belgium.

In either case, as soon as this case is concluded, you can expect a bunch of other EEA states to pile on.

[Amorymeltzer]

Do you think that data is worth 91M euros/98M USD a year? I don't, and I doubt Facebook (or its investors) do either. That's a strong opening salvo.

[Silhouette]

That's a strong opening salvo.

And so far it's only from one nation. Much of Europe shares a stronger belief in things like privacy and data protection than the US, and much of Europe has law in place to defend such things if the political will is there. Facebook can't afford to face fines at significant multiples of that scale, and even if it could, it's just asking for more severe action if it tries to force the issue.

The nightmare scenario for FB is probably losing access to parts of Europe for a while and as a result losing their critical mass of users so a rival social network can gain a foothold. With the digital native generation already far less attached to any one social network than their predecessors, that could become an existential threat to Facebook itself. As such, it seems highly unlikely that they will try to hold their position indefinitely on this one.

[vidarh]

Specifically, all of the EEA (EU + Norway and Iceland) has data protection acts that are specifically harmonized to comply with the EU Data Protection Directive.

There are quite few scenarios where they'd be in breach of Belgian data protection legislation without also being in breach of the data protection laws of 29 other EEA countries.

The odds of EU wide action will dramatically rise the moment one or more countries find them in breach.