Image
© The Associated Press/Ronald ZakAustrian student Max Schrems sits with files about his activities on his Facebook account that Facebook handed over to him, in Vienna, Austria. Elements of Facebook’s new privacy policy conflict with European law, a key regulator said.
Parts of Facebook's proposed new privacy policy conflict with European law, a key regulator said Friday as he moved to give users in the European Union more power to block the sharing of their data with the company's affiliates such as Instagram.

Regulators alerted Facebook about the problem shortly after the company announced major changes Wednesday in how it will treat users' personal data, said Gary T. Davis, deputy data protection commissioner in Ireland. His office oversees Facebook operations for the European Union because the company's European headquarters is in Dublin.

The proposed policy also drew criticism from American privacy advocates, who said that the changes would make more data available to advertisers without users' explicit consent, in violation of last year's consent decree between Facebook and the Federal Trade Commission. The agreement stemmed from complaints about the company's handling of personal data.

"Facebook is not really telling users what this means and how this is going to work," said Jeff Chester, executive director of the Center for Digital Democracy. His group is planning to join the Electronic Privacy Information Center in complaining to the FTC about the proposed Facebook policy changes. The agency declined to comment on Friday.

In Ireland, Davis expressed confidence that the company would make revisions giving European users the right to explicitly accept or reject data-sharing with affiliates such as Instagram. Facebook acquired the company for $1 billion in April, but it remains a separate legal entity.

"We've already engaged with Facebook," Davis said. "We expect Facebook to be reverting [to previous policies] on these issues."

When the changes to the policy were announced, public attention focused on a related shift that would eliminate a system allowing the company's users to vote on proposed new policies. But Irish regulators were more concerned about how the company handles personal data.

Facebook spokesman Andrew Noyes said in an e-mail on Friday: "As our company grows, we acquire businesses that become a legal part of our organization. Those companies sometimes operate as affiliates. We wanted to clarify that we will share information with our affiliates and vice versa to help improve our services and theirs."

In October, data regulators from Europe and several other regions sharply criticized Google for revisions to its privacy policy after the company began allowing more extensive tracking of personal information across a range of its services, such as Gmail, YouTube and the Chrome browser.