German court lets Facebook fan page owners out of privacy protection – Naked Security


In November 2011, a German data protection commission ordered companies to shut down their Facebook fan pages or pay fines of up to €50,000 ($67,800).

The agency – the Office of the Data Protection Commissioner (ULD) of the state of Schleswig-Holstein – claimed that Facebook’s use of cookies, facial recognition and other data processing practices were in direct violation of German privacy regulations.

The ULD’s justification was that the companies were, at the very least, helping Facebook violate German law by processing the personal data of German users on fan pages and using the data for commercial purposes.

That earlier decision was reversed on Wednesday.

A German administrative court has ruled that the way Facebook handles the personal data of people visiting fan pages is not the responsibility of German companies. The decision now allows companies to retain fan pages without breaching German data protection laws.

This may help fan page owners off the hook, but it leaves broader questions about privacy issues open, such as whether or not Facebook itself is breaching privacy with its data collection practices. .

In a statement released by Schleswig-Holstein’s Independent Privacy Center, Thilo Weichert, the agency’s privacy commissioner, said the court’s decision actually appeared to have nothing to do with with the protection of privacy rights:

The idea of ​​the protection of fundamental rights - at least that was our impression - did not play any essential role.

Beyond avoiding this fundamental question, ZD Net’s Michael Fitz reports, the case highlights the murky area that companies and data protection officers must navigate when services such as Facebook are hosted or operated from one jurisdiction but accessed from another.

Ahead of Wednesday’s verdict, Weichert explained that the ULD began its action against Facebook fan pages two years ago, Reporting by PC World’s Loek Esser.

Weichert first took his grievances to Facebook Ireland, which is responsible for Facebook user data outside the United States and Canada.

This got him nowhere, as the ULD can only enforce German law.

This has hampered Weichert’s efforts before, Esser writes, including in 2012, when the ULD ordered Facebook to allow its users to create accounts using pseudonyms.

Facebook’s insistence on real-name use violated a German law that grants users the right to use nicknames online, Weichert charged at the time.

In April, however, the Schleswig-Holstein Administrative Court of Appeal ruled against the privacy commissioner, saying Facebook could get away with banning nicknames.

In fact, according to the court, while German law grants the right to use pseudonyms online, Irish law does not.

As Esser writes, the court held that since Facebook’s German subsidiary was only a marketing and sales office and did not process any data, Irish law should apply in this case.

Oh, how we pity the poor data protection commissioners who have to deal with these country-specific data laws.

The law stops at the border, but data is like a river that keeps flowing until it reaches a country with a lower level of privacy protection.

The ULD has not announced its intention to appeal the ruling, so there may still be hope that the essential question of whether Facebook violated German privacy law will be addressed, instead. to be transmitted on this river.

Previous What does Facebook consider proper documentation for a fan page name change request?
Next Facebook checklist to check if your fan page is up to date