German state bans Facebook pages, 'Like' buttons

Schleswig-Holstein's privacy authority says the social-networking site breaks state and federal law by monitoring users for ad-targeting purposes, and has ordered all institutions to remove fan pages and 'Like' buttons
Written by David Meyer, Contributor

Facebook is in trouble in Germany yet again after the data-protection authority in Schleswig-Holstein ordered all institutions in the state to shut down their Facebook fan pages and remove plug-ins such as the 'Like' button from their websites.

The Unabhängige Landeszentrum für Datenschutz (ULD, or Independent Centre for Privacy Protection in English) said in a statement on Friday that Facebook carried out an excessive amount of monitoring on its users without letting them know in reasonable detail how much they were being profiled. It said much of this monitoring, done in the name of web analytics and used to target advertising, was illegal under state and federal law.

The data-protection authority ordered all private and public institutions to remove their Facebook fan pages and plug-ins or face formal complaints, prohibition orders and fines. It also recommended that private citizens not set up Facebook accounts and avoid clicking on 'Like' buttons.

"ULD has pointed out informally for some time that many Facebook offerings are in conflict with the law," ULD commissioner Thilo Weichert said. "This unfortunately has not prevented website owners from using the respective services and the more so as they are easy to install and free of charge. Web analytics is among those services and especially informative for advertising purposes. It is paid with the data of the users."

Whoever visits Facebook.com or uses a plug-in must expect that he or she will be tracked by the company for two years.

The ULD said Facebook's actions violate German federal media and data-protection laws, as well as state data-protection laws in Schleswig-Holstein.

"ULD expects from website owners in Schleswig-Holstein to immediately stop the passing on of user data to Facebook in the USA by deactivating the respective services," the organisation wrote. "If this does not take place by the end of September 2011, ULD will take further steps."

The ULD said those further steps could include formal complaints for public entities, and a prohibition order and penalty fine for private entities.

"Whoever visits Facebook.com or uses a plug-in must expect that he or she will be tracked by the company for two years," the authority explained. "Facebook builds a... personalised profile. Such a profiling infringes German and European data-protection law."


The data-protection authority also complained that user information regarding privacy, as worded in Facebook's terms and conditions, "does not nearly meet the legal requirements relevant for compliance of legal notice, privacy consent and general terms of use".

Weichert said institutions could not shift their responsibility for data protection onto Facebook, which does not have a German office, nor onto users. "Our current call is only the beginning of a continuing privacy impact analysis of Facebook applications," he said. "ULD will continue in co-operation with other German data-protection authorities.

"Nobody should claim that there are no alternatives; there are European and other social media available that take the protection of privacy rights of internet users far more seriously," Weichert continued. "That they also may contain problematic applications must not be a reason to remain idle towards Facebook, but must prompt us as supervisory authorities to pursue these violations. Users can take their part in trying to avoid privacy-adverse offerings."

EU rules

In March, EU justice commissioner Viviane Reding said that US-based social-networking companies with active users in Europe will have to comply with EU rules, under a revamp of privacy laws in the region. Data-protection authorities in member countries will be given the power to pursue legal proceedings against businesses outside the region, she said.

Schleswig-Holstein is not the only German state to come down hard on Facebook. Neighbouring Hamburg warned the social network earlier this month that its recently-enabled facial recognition feature was in breach of data-protection laws. The UK Information Commissioner's Office (ICO) has also expressed worries over the privacy implications of that feature.

"We firmly reject any assertion that Facebook is not compliant with EU data-protection standards," a Facebook spokesperson said in a statement. "The Facebook 'Like' button is such a popular feature because people have complete control over how their information is shared through it. For more than a year, the plug-in has brought value to many businesses and individuals every day. We will review the materials produced by the ULD, both on our own behalf and on the behalf of web users throughout Germany."

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Editorial standards