Schleswig-Holstein's privacy authority says the social-networking site breaks state and federal law by monitoring users for ad-targeting purposes, and has ordered all institutions to remove fan pages and 'Like' buttons
Facebook is in trouble in Germany yet again after the data-protection authority in Schleswig-Holstein ordered all institutions in the state to shut down their Facebook fan pages and remove plug-ins such as the 'Like' button from their websites.
The Unabhängige Landeszentrum für Datenschutz (ULD, or Independent
Centre for Privacy Protection in English) said in a
statement on Friday that Facebook carried out an excessive amount
of monitoring on its users without letting them know in reasonable
detail how much they were being profiled. It said much of this
monitoring, done in the name of web analytics and used to target
advertising, was illegal under state and federal law.
The data-protection authority ordered all private and public
institutions to remove their Facebook fan pages and plug-ins or face
formal complaints, prohibition orders and fines. It also recommended
that private citizens not set up Facebook accounts and avoid clicking
on 'Like' buttons.
"ULD has pointed out informally for some time that many Facebook
offerings are in conflict with the law," ULD commissioner Thilo
Weichert said. "This unfortunately has not prevented website owners
from using the respective services and the more so as they are easy to
install and free of charge. Web analytics is among those services and
especially informative for advertising purposes. It is paid with the
data of the users."
Whoever visits Facebook.com or uses a plug-in must expect that he or she will be tracked by the company for two years.
– ULD
The ULD said Facebook's actions violate German federal media and
data-protection laws, as well as state data-protection laws in
Schleswig-Holstein.
"ULD expects from website owners in Schleswig-Holstein to
immediately stop the passing on of user data to Facebook in the USA by
deactivating the respective services," the organisation wrote. "If
this does not take place by the end of September 2011, ULD will take
further steps."
The ULD said those further steps could include formal complaints
for public entities, and a prohibition order and penalty fine for
private entities.
"Whoever visits Facebook.com or uses a plug-in must expect that he
or she will be tracked by the company for two years," the authority
explained. "Facebook builds a... personalised profile. Such a profiling infringes German and European
data-protection law."
Privacy
The data-protection authority also complained that user information
regarding privacy, as worded in Facebook's terms and conditions, "does
not nearly meet the legal requirements relevant for compliance of
legal notice, privacy consent and general terms of use".
Weichert said institutions could not shift their responsibility for
data protection onto Facebook, which does not have a German office,
nor onto users. "Our current call is only the beginning of a
continuing privacy impact analysis of Facebook applications," he said.
"ULD will continue in co-operation with other German data-protection
authorities.
"Nobody should claim that there are no alternatives; there are
European and other social media available that take the protection of
privacy rights of internet users far more seriously," Weichert
continued. "That they also may contain problematic applications must
not be a reason to remain idle towards Facebook, but must prompt us as
supervisory authorities to pursue these violations. Users can take
their part in trying to avoid privacy-adverse offerings."
EU rules
In March, EU justice commissioner Viviane Reding said that US-based social-networking companies with active users in Europe will have to comply with EU rules, under a revamp of privacy laws in the region. Data-protection
authorities in member countries will be given the power to pursue legal proceedings against businesses outside the region, she said.
Schleswig-Holstein is not the only German state to come down hard
on Facebook. Neighbouring Hamburg warned the social network earlier
this month that its recently-enabled facial recognition feature was in
breach of data-protection laws. The UK Information Commissioner's
Office (ICO) has also expressed
worries over the privacy implications of that feature.
"We firmly reject any assertion that Facebook is not compliant with EU data-protection standards," a Facebook spokesperson said in a statement. "The Facebook 'Like' button is such a popular feature because people have complete control over how their information is shared through it. For more than a year, the plug-in has brought value to many businesses and individuals every day. We will review the materials produced by the ULD, both on our own behalf and on the behalf of web users throughout Germany."
Get the latest technology news and analysis, blogs and reviews
delivered directly to your inbox with ZDNet UK's
newsletters.
Legal
proceedings
have
begun
against
a
number
of
Bitcoin
developers.
The
action
will,
for
the
first
time,
examine
the
nature
and
extent
of
legal
duties
conferred
upon
and
owed
by
developers
...
The
European
Commission
has
published
a
draft
adequacy
decision
to
allow
citizen
data
to
flow
freely
across
the
Channel
-
but
the
victory
isn't
total
yet.
...
Facebook's
crackdown
on
lookalike
domains
last
year
has
touched
some
of
the
domains
security
firm
Proofpoint
was
using
for
security
awareness
training
exercises.
...
Join Discussion