The Independent Centre for Data Protection (ULD) calls on all agencies in Schleswig-Holstein to remove their fan pages on Facebook and social plugins such as the "Like" button on their websites. After a thorough technical and legal analysis, the ULD has come to the conclusion that such offers violate the German Telemedia Act (TMG) and the Federal Data Protection Act (BDSG) or the Schleswig-Holstein State Data Protection Act (LDSG SH). When using Facebook services, traffic and content data is forwarded to the USA and a qualified feedback is given to the operator regarding the use of the offer, the so-called reach analysis. Anyone who has been on Facebook or used a plugin must assume that they will be tracked by the company for two years. Facebook carries out comprehensive personal profiling, and even personalised profiling for members. These processes violate German and European data protection law. The users concerned are not adequately informed; they are not given the right to choose; the wording of Facebook's terms of use and data protection guidelines do not come close to meeting the legal requirements for legally compliant notices, effective data protection consents and general terms and conditions.
The ULD expects all website operators in Schleswig-Holstein to immediately stop passing on data about their users to Facebook in the USA by deactivating the corresponding services. If this is not done by the end of September 2011, the ULD will take further measures. After going through the legally prescribed hearing and administrative procedure, these can be complaints in accordance with § 42 LDSG SH in the case of public bodies, prohibition orders in accordance with § 38 para. 5 BDSG in the case of private bodies, as well as fine proceedings. The maximum fine for violations of the TMG is 50,000 euros.
Thilo Weichert, head of the ULD: "The ULD has been informally pointing out for some time that many Facebook offers are illegal. Unfortunately, this has so far prevented few operators from making use of the offers, especially since they are easy to install and can be used free of charge. This includes, in particular, the reach analysis, which is meaningful for advertising purposes. Payment is made with the data of the users. With the help of this data, Facebook has now reached an estimated market value of over 50 billion dollars worldwide. It must be clear to all bodies that they cannot shift their responsibility under data protection law to the Facebook company, which has no headquarters in Germany, and also not to the users. Our current appeal is only the beginning of a more extensive data protection analysis of Facebook applications. The ULD will carry this out in cooperation with the other German data protection supervisory authorities. A comprehensive analysis is not possible for a small data protection authority like ULD in one go; moreover, Facebook is continuously changing its technical processes and terms of use. No one should claim that there are no alternatives available; there are European and other social media that take the protection of the privacy rights of internet users more seriously. The fact that there are also problematic applications there should not be a reason for inaction with regard to Facebook, but must prompt us data protection supervisory authorities to also investigate these violations. Users can make their contribution by trying to avoid offers that violate data protection.
The ULD has published its data protection assessment of the reach analysis by Facebook on the internet at
https://www.datenschutzzentrum.de/facebook/
Source: Press release of the Independent Centre for Data Protection (ULD)
Goldberg Attorneys at Law 2011
Attorney at Law Michael Ullrich, LL.M. (Information Law)
Specialist lawyer for information technology law (IT law)
E-mail: info@goldberg.de
