EU regulators are in the midst of writing new legislation that could give internet users greater control over how their personal data is used by big technology companies. One part of the regulation requires companies to get permission before "processing" people's personal data, although exactly how and when such consent would be needed is still subject to debate.
On Tuesday the French data protection regulator asked to meet Facebook after thousands of users complained private messages dating back to 2007 were visible on their Facebook timelines the start page of a person's profile on the website.
Jan Philipp Albrecht, a German Green member of the European Parliament who is in charge of the legislature's work on the draft regulation said the incident shows that users need more control over their data.
"The informed and explicit agreement of all those affected by data processing must be a guiding principle," Albrecht said in a press statement. "There will be very few exceptions if any."
Facebook said it has not done anything wrong and that the messages are in fact called wall posts, one of the website's features for leaving comments which usually appears on a person's profile page.
Before the Facebook timeline was introduced in February, wall posts were visible on user's profile pages but could also be hidden from the public depending on each user's privacy settings.
"A small number of users raised concerns after what they mistakenly believed to be private messages appeared on their Timeline," the company said in a statement.
Nevertheless EU lawmakers are taking the incident seriously.
"This case shows that some companies simply don't take privacy issues as seriously as their share price," the Commissioner for Justice behind the regulation, Viviane Reding, said at a meeting with regulators in Dublin on Monday.
The Commission, the European Parliament and the 27 member states have to agree on the regulation before it can become law. The parliament will begin submitting amendments later this year.
Web companies like Google, Facebook and Yahoo, which rely on their user's data to tailor their services to people's interests, have said they are wary of the regulation's principles on seeking users' consent. These companies' business models are also based on selling targeted ads matched to people's profiles.
Some say they worry that asking permission for the use of people's data more than they already do could hamper their services with consent-seeking pop-ups and encourage people to opt-out rather than in.
Copyright Thomson Reuters 2012