Data Compliance Series 1 — Reflections on the Facebook Incident
With the proliferation of personal data protection legislation in different jurisdictions, the conflict between enterprises’ commercial behaviors and personal data protection are widely concerned by the law enforcement authorities around the world. Facebook, for example, with a recent spate of being punished for excessively collecting user’s personal data by using cookies and leaking data concerned over 50 million users, the superstar of open social platforms has suffered a severe losses on its stock market and reputation. Internet companies such as Facebook have quickly grown into “Internet access” enterprises in the eyes of the users by taking advantages of the open platform. These new types of enterprises are featured in the possibility to provide various value-added services by virtue of its multilateral platform market, through which such enterprises get a large number of different types of user data and then achieve and realize new business models by using big data technologies. As a result, such enterprises become “data driven” companies. It is foreseeable that to achieve their commercial ambitions, such enterprises face inevitable conflicts between their business practices and the protection of personal data. Therefore, how to achieve a balance between such enterprises’ business development and the protection of personal data is becoming a common concern of enterprises, legislation and enforcement authorities in the long run. As regards cookies and Open APIs, this article sets forth important compliance issues for enterprise’ reference.