From "I like" to criminal offence - Data protection authorities against Facebook

A long-running "frozen" conflict in Germany is now entering a new phase. The current trigger is the supervisory authority Unabhängiges Landeszentrum für Datenschutz (ULD) of Schleswig-Holstein. After a close technical examination, this authority has instructed all authorities and institutions in Schleswig-Holstein to abandon their Facebook pages as well as their social media plugins, especially the "I Like" button.

Because of the data that Facebook may collect (also from non-members), the ULD sees an illegal data transfer by the website operator to Facebook. According to the current legal situation in Germany, such a transfer would be an offence and can therefore be punished with fines of up to 50,000 euros.

Not only Facebook but also other large website operators reacted promptly, the latter by creating technical solutions of their own. Heise Publishing, for example, implemented an open-source 2-click solution in which the user first has to activate the "I Like" button and thereby formally agrees to the data transfer to Facebook. Facebook, on the other hand, regards such an approach as a violation of its Platform Policies, but has meanwhile given in. Furthermore, Facebook recently disclosed which data are collected and in which form. There is great confusion in Germany, and unfortunately not much seems to be clear at the moment.

However, what does the current situation mean for our customers? Who is in charge anyway? How should one behave?

As a general rule, German law, in the form of the Bundesdatenschutzgesetz and the Telemediengesetz, applies to all website operators. Responsibility lies with the respective regional authorities, which have to take action in the event of data privacy breaches. This is the background to the ULD's request, which for the time being applies only to Schleswig-Holstein, because the authority's jurisdiction ends at the state borders. Some of the federal authorities agree with this demand, while others are waiting and want to act nationally or to comment on their course of action in a couple of weeks. It cannot currently be said how the coming weeks will develop. If the authorities concerned stick with their action, there are only two ways for website operators to avoid punishment: either one does without all social media plugins, which will be hard for many, or one implements a solution in which plugins must be explicitly activated and the visitor agrees to the data transfer.
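The explicit-activation approach described above (the 2-click solution and the opt-in named as the second option), as an added example; it is not Heise's code and not part of the original article. `PLUGIN_URL`, `pluginSrc`, `mountTwoClick` and the `data-two-click` attribute are assumed names, and the plugin address is a constructed placeholder.

```javascript
// Added example: two-click activation gate for a third-party social plugin.
// PLUGIN_URL is a constructed placeholder, not a real provider endpoint.
const PLUGIN_URL = "https://social-plugin.example/like";

// Build the plugin address; the page URL is encoded so it cannot add parameters.
function pluginSrc(pageUrl) {
  return PLUGIN_URL + "?href=" + encodeURIComponent(pageUrl);
}

// Render an inert, locally served placeholder into `container`.
// Nothing is requested from the third party until the visitor clicks it
// (click 1 = consent and load; click 2 happens inside the loaded plugin).
function mountTwoClick(doc, container, pageUrl) {
  const state = { enabled: false };
  const button = doc.createElement("button");
  button.textContent = "Enable Like button (transfers data to the provider)";
  button.addEventListener("click", function () {
    if (state.enabled) return; // activate only once
    state.enabled = true;
    const frame = doc.createElement("iframe");
    frame.setAttribute("src", pluginSrc(pageUrl));
    frame.setAttribute("title", "Like button");
    container.replaceChild(frame, button); // the real plugin loads only now
  });
  container.appendChild(button);
  return state;
}

// Browser wiring: every element marked data-two-click gets a placeholder.
// Skipped when no DOM is present.
if (typeof document !== "undefined") {
  document.querySelectorAll("[data-two-click]").forEach(function (el) {
    mountTwoClick(document, el, window.location.href);
  });
}
```

Until the placeholder is clicked the page contains no element pointing at the provider, so the visitor's browser makes no request to it and sends it no cookies or referrer.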

The topic remains exciting, especially because each authority may proceed differently and even the Minister of the Interior has commented on it (not satisfactorily for some). We will gladly advise and support you on any questions and are also at your disposal for an implementation.

Further links on this topic:

https://www.datenschutzzentrum.de/presse/20110819-facebook.htm
https://www.datenschutzzentrum.de/facebook/
http://www.heise.de/newsticker/meldung/Like-Button-Facebook-erklaert-Details-zur-Speicherpraxis-1339079.html
http://www.heise.de/security/artikel/Das-verraet-Facebooks-Like-Button-1230906.html
http://www.heise.de/ct/artikel/2-Klicks-fuer-mehr-Datenschutz-1333879.html