Facebook fan page operator has privacy responsibilities: EU Court


Representative photo (Image: Reuters)

The case stems from a dispute between a German Facebook fan page that used the social network to store cookies on visitors’ hard drives to collect data about them.

  • Reuters
  • Last update:June 06, 2018, 12:19 p.m. HST
  • FOLLOW US ON:

The operator of a fan page on Facebook is also responsible for protecting the personal data of visitors and cannot hide behind the social network, the highest court in the European Union ruled on Tuesday. The case stems from a dispute between a German Facebook fan page that used the social network to store cookies on visitors’ hard drives to collect data about them. When a German data protection authority ordered the operator of the fan page, an education company, to deactivate it because visitors were not informed about the collection of their personal data, the company argues that she was not responsible for the processing of personal data by Facebook and that any action must be brought against the social network.

Also read: Apple focuses on speed and parental controls in software upgrades

“According to the court, the fact that an administrator of a fan page uses the platform made available by Facebook in order to benefit from the associated services cannot exempt him from compliance with his obligations regarding the protection of personal data”, declared the Court of Justice of the European Union (ECJ) said in a statement on the decision. The administrator participates in deciding what data to collect and how to process it, for example by defining a target audience and requesting demographic data or information on the lifestyles and interests of visitors to the page, a declared the ECJ.

The Luxembourg court also reaffirmed an opinion given by a legal adviser in October that the German data protection authority had the power to take action against Facebook even though its European headquarters are in Ireland. Facebook had argued that only the Irish regulator had jurisdiction over its activities, but several other EU regulators have taken action against the company for allegedly breaching privacy laws.

Also read: WWDC18: The ten funniest new features coming to Apple devices

The CJEU said a regulator was entitled to exercise its powers against a company even if the responsibility for collecting and processing the data lay with that company’s establishment in another member state – in this case Facebook. Ireland. The case predates the entry into force two weeks ago of a new European data protection regulation which introduces a principle of “one-stop shop” according to which companies must only deal with the authority of the Member State of their main European establishment.

Also watch: Karbonn Titanium Frames S7 review: A decent budget offering

Previous Facebook fan page administrators responsible for GDPR compliance
Next The Accidental Controller - According to the CJEU, the administrators of the "Fan Page" are joint controllers with Facebook