Top German Court Rules Facebook's Collection And Use Of Data From Third-Party Sources Requires 'Voluntary' Consent

from the oh-no,-not-more-pop-ups dept

Back at the end of 2017, Germany’s competition authority, the Bundeskartellamt, made a preliminary assessment that Facebook’s data collection is “abusive“. At issue was a key component of Facebook’s business model: amassing huge quantities of personal data about people, not just from their use of Facebook, WhatsApp and Instagram, but also from other sites. If a third-party website has embedded Facebook code for things such as the ‘like’ button or a ‘Facebook login’ option, or uses analytical services such as ‘Facebook Analytics’, data will be transmitted to Facebook via APIs when a user calls up that third party’s website for the first time. The user is not given any choice in this, and it was this aspect that the Bundeskartellamt saw as “abusive”.

After the preliminary assessment, in February 2019 the German competition authority went on to forbid Facebook from gathering information in this way without voluntary permission from users:

(i) Facebook-owned services like WhatsApp and Instagram can continue to collect data. However, assigning the data to Facebook user accounts will only be possible subject to the users’ voluntary consent. Where consent is not given, the data must remain with the respective service and cannot be processed in combination with Facebook data.

(ii) Collecting data from third party websites and assigning them to a Facebook user account will also only be possible if users give their voluntary consent.

If consent is not given for data from Facebook-owned services and third party websites, Facebook will have to substantially restrict its collection and combining of data. Facebook is to develop proposals for solutions to this effect.

Naturally, Facebook appealed against this decision, and the Düsseldorf Higher Regional Court found in its favor. However, as the New York Times reports, the Federal Court of Justice, which monitors compliance with the German constitution, has just reversed that:

On Tuesday, the federal court said regulators were right in concluding that Facebook was abusing its dominant position in the market.

“There are neither serious doubts about Facebook’s dominant position on the German social network market nor the fact that Facebook is abusing this dominant position,” the court said. “As the market-dominating network operator, Facebook bears a special responsibility for maintaining still-existing competition in the social networking market.”

Needless to say, Facebook vowed to fight on — and to ignore the defeat for the moment. The case goes back to the lower court to rule again on the matter, but after the Federal Court of Justice guidance, it is unlikely to be in Facebook’s favor this time. There is also the possibility that the case could be referred to the EU’s top court, the Court of Justice of the European Union, to give its opinion on the matter.

Assuming that doesn’t happen, the ruling could have a big impact not only on Facebook, but on all the other Internet giants that gather personal details from third-party sites without asking their visitors for explicit, voluntary permission. Although the ruling only applies to Germany, the country is the EU’s biggest market, and likely to influence what happens elsewhere in the region, and maybe beyond. One bad outcome might be even more pop-ups asking you to give permission to have your data gathered, and be tracked as you move around the Internet.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Filed Under: , , ,
Companies: facebook

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Top German Court Rules Facebook's Collection And Use Of Data From Third-Party Sources Requires 'Voluntary' Consent”

Subscribe: RSS Leave a comment

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

Germans are Nazis. Techdirt is Marxist. AntiFa is Fascist. BLM wants to burn down America.

OMG, can you IMAGINE how GREAT it’s going to be to celebrate TRUMP’s next VICTORY!

You idiots have all lost your minds. The ridiculous articles here are going to be laughed at for generations.

AND, I’m going to be REVERED and EMULATED by American Children and put on the back of a CEREAL BOX.

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

Re: Re: Re:


Who the hell are you to hate America, we never invited you HERE In the FIRST PLACE.

In the FUTURE, Malania will decide who can come and who can’t. We want to say I’m Christian and DAMN IT I’m PROUD OF IT!


PaulT (profile) says:

Re: Re: Re:2 Re:

As of right now, 124,281 in the US, with a rapid increase in the number of new infections, and several states reporting that they have already reached medical capacity to deal with them. Trump’s response to this? Stop testing to find the new infections.

This summer should be fun in all the wrong ways, while my local borders are cautiously opening to international tourists from safe countries (i.e. not the US). I wonder how many more innocent lives those values are going to demand on the altar of a tyrant.

Anonymous Coward says:

High Order Fecklessness

"One bad outcome might be even more pop-ups asking you to give permission to have your data gathered, and be tracked as you move around the Internet."

With the default answer being "yes," even if you simply close the pop-up without offering a specific yes/no reply. With the "no" option buried beneath multiple links pointing to pages describing options and demanding minutes of time and effort. Result is business as usual in all but a very few cases.

This comment has been deemed insightful by the community.
Anonymous Anonymous Coward (profile) says:

Limit Facebook to Facebook account holders

Where is the consideration to those of us who do not have Facebook accounts? Facebook is allowed to collect the data, but since no Facebook account exists, just where do they assign it? Then again, why should they be allowed to collect it just because there is a ‘like’ button on a page I look at, that doesn’t belong to Facebook? Should those third party sites be in the position of either removing Facebook’s ‘like’ button or giving everyone who visits the opt out option?

I, and many others, have no relationship with Facebook. Why should they be allowed to track us?

Anonymous Coward says:

Re: Limit Facebook to Facebook account holders

Those are sometimes called "shadow profiles". The "Europe v. Facebook" group filed an official complaint in 2011. Their website does not list the outcome, but Wikipedia describes the result of a Belgian complaint: "In early November 2015, Facebook was ordered by the Belgian Privacy Commissioner to cease tracking non-users, citing European laws, or risk fines of up to £250,000 per day. As a result, instead of removing tracking cookies, Facebook banned non-users in Belgium from seeing any material on Facebook, including publicly posted content".

ECA (profile) says:

why no thte old way..

Why not have these sites Use their OWN signup..
Many dont even let you choose to create a new account.

Using Google/FB/Discus/… accounts makes it easy as you dont need OTHER info given to those companies, But they will get that info. You get to save on passwords.

What are the odds that if someone gets on your computer, or your system gets hacked. That all your DATA belongs to them for having 2-3 passwords.

Jeroen Hellingman (profile) says:

Re: why no thte old way..

I have a password manager, and keep separate accounts on almost all sites that allow it, but using a centralized system is so much more convenient for most, even when the damage done when such an account is compromised is so much bigger.

For those in the EU: I think it would be nice to organize a GDPR request day, on which everybody would request their personal details on the same date — flooding the system, and thus giving rise to an avalanche of legitimate complaints for not meeting the 30 day deadline to supply them. If we make personal data a toxic asset that way, the eagerness to harvest it might become less.

ECA (profile) says:

Re: Re:

Do you understand that THEY have the same problem..
WE can ask the Same as above…
Even take it to court.. or even the World court.

That IF we ask ANY agency to show OUR DATE/with ID…they MUST show us what they have…QUICKLY…


This is an interesting thing happening, but WE have to FORCE IT, or we are lazy bastards.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...