Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Oct. 10 --The Schleswig-Holstein Administrative Court ruled Oct. 9 in three consolidated cases that companies using Facebook Inc.'s fan pages can't be held responsible for data protection law violations committed by the social networking site because the companies couldn't control the use of the data, according to a statement from the state's data protection authority (In re Facebook, VG, Nos. 8 A 37/12, 8 A 14/12, 8 A 218/11, 10/9/13).
The ruling overturns an August 2011 order from the Schleswig-Holstein's Data Protection Authority (ULD) to the companies demanding that they cease using Facebook fan pages and “like” buttons .
The ULD said that companies and public entities using web analytics to assess usage patterns from like buttons and fan pages ultimately have responsibility for data protection compliance. The entities “cannot shift their responsibility for data privacy” to Facebook, which does not maintain a physical operation in the country, or to online customers and other website visitors.
In November 2011, the ULD initiated enforcement proceedings against the companies for failing to remove their fan pages from Facebook .
Schleswig-Holstein Data Protection Commissioner Thilo Weichert told Bloomberg BNA Oct. 10 that he disagrees with the court because fan pages have “quite a lot of privacy problems, such as using cookies without consent.” He also cited the lack of opportunity “to contradict or oppose profiling” and a lack of “transparency on the process of data processing.”
Revelations about the U.S. National Security Agency's PRISM Internet surveillance program, including access to Facebook information, makes it more important than ever that companies be able to decide “what servers they use for communicating with their clients” and that is not clear when Facebook processes information, he said.
Weichert said it is likely the ULD will appeal following the publication of the opinion from the administrative court.
But private sector companies welcomed the ruling. Marcus Schween, general coordinator for law at the Schleswig-Holstein Chamber of Commerce, told BNA Oct. 10 that “It was important for us that companies could count on legal protection regarding the use of fan pages and social networks in general.”
He said that the ULD position that social networks couldn't be used “was a major challenge for companies in Schleswig-Holstein” because “their use was allowed in other German states, like Berlin, Hamburg or Lower Saxony.”
That lead to “market distortion” and gave an unfair business advantage for companies operating elsewhere in Germany, he said.
Matthias Scholz, a partner at Baker & McKenzie LLP, in Frankfurt, told Bloomberg BNA Oct. 10 that “assuming that the companies are really not able to influence the way Facebook processes data, I think the court is right to have taken this decision.”
The court “clearly made a distinction between the processing done by Facebook and that done by the companies.”
Under Germany's Data Protection Act, data controllers located in another European Union member state are not subject to Germany's data protection law if they collect, process and use personal data in Germany but “without engaging a branch in Germany for that purpose.”
In February, the same Schleswig-Holstein administrative court ruled that Facebook and its European Union operations, Facebook Ireland Ltd, are not subject to German law because they are not located within the country's territorial jurisdiction (). In April that ruling was upheld by the Higher Administrative Court of Schleswig .
“A company responsible for the processing of personal data, even if established outside the European Economic Area, can move out of the application of German data protection law by having a permanent establishment in another member state” and inside Germany merely having processing equipment, Scholz said.
“This newest decision basically says that Facebook is responsible for the data processing it undertakes” rather than the defendant companies because they are “not able to influence what Facebook is offering or the way it processes its data,” he said.
Although under the new ruling, Facebook “is responsible for all the data processing,” the other court rulings take Facebook “out of the application of German data protection law,” Scholz said.
To contact the reporter on this story: Jabeen Bhatti in Berlin at email@example.com.
To contact the editor responsible for this story: Donald G. Aplin at firstname.lastname@example.org.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)