Top German Court Rules Facebook's Collection And Use Of Data From Third-Party Sources Requires 'Voluntary' Consent
from the oh-no,-not-more-pop-ups dept
Back at the end of 2017, Germany’s competition authority, the Bundeskartellamt, made a preliminary assessment that Facebook’s data collection is “abusive“. At issue was a key component of Facebook’s business model: amassing huge quantities of personal data about people, not just from their use of Facebook, WhatsApp and Instagram, but also from other sites. If a third-party website has embedded Facebook code for things such as the ‘like’ button or a ‘Facebook login’ option, or uses analytical services such as ‘Facebook Analytics’, data will be transmitted to Facebook via APIs when a user calls up that third party’s website for the first time. The user is not given any choice in this, and it was this aspect that the Bundeskartellamt saw as “abusive”.
After the preliminary assessment, in February 2019 the German competition authority went on to forbid Facebook from gathering information in this way without voluntary permission from users:
(i) Facebook-owned services like WhatsApp and Instagram can continue to collect data. However, assigning the data to Facebook user accounts will only be possible subject to the users’ voluntary consent. Where consent is not given, the data must remain with the respective service and cannot be processed in combination with Facebook data.
(ii) Collecting data from third party websites and assigning them to a Facebook user account will also only be possible if users give their voluntary consent.
If consent is not given for data from Facebook-owned services and third party websites, Facebook will have to substantially restrict its collection and combining of data. Facebook is to develop proposals for solutions to this effect.
Naturally, Facebook appealed against this decision, and the Düsseldorf Higher Regional Court found in its favor. However, as the New York Times reports, the Federal Court of Justice, which monitors compliance with the German constitution, has just reversed that:
On Tuesday, the federal court said regulators were right in concluding that Facebook was abusing its dominant position in the market.
“There are neither serious doubts about Facebook’s dominant position on the German social network market nor the fact that Facebook is abusing this dominant position,” the court said. “As the market-dominating network operator, Facebook bears a special responsibility for maintaining still-existing competition in the social networking market.”
Needless to say, Facebook vowed to fight on — and to ignore the defeat for the moment. The case goes back to the lower court to rule again on the matter, but after the Federal Court of Justice guidance, it is unlikely to be in Facebook’s favor this time. There is also the possibility that the case could be referred to the EU’s top court, the Court of Justice of the European Union, to give its opinion on the matter.
Assuming that doesn’t happen, the ruling could have a big impact not only on Facebook, but on all the other Internet giants that gather personal details from third-party sites without asking their visitors for explicit, voluntary permission. Although the ruling only applies to Germany, the country is the EU’s biggest market, and likely to influence what happens elsewhere in the region, and maybe beyond. One bad outcome might be even more pop-ups asking you to give permission to have your data gathered, and be tracked as you move around the Internet.
Follow me @glynmoody on Twitter, Diaspora, or Mastodon.
Filed Under: data collection, data privacy, germany, permission
Companies: facebook
Comments on “Top German Court Rules Facebook's Collection And Use Of Data From Third-Party Sources Requires 'Voluntary' Consent”
This comment has been flagged by the community. Click here to show it.
Germans are Nazis. Techdirt is Marxist. AntiFa is Fascist. BLM wants to burn down America.
OMG, can you IMAGINE how GREAT it’s going to be to celebrate TRUMP’s next VICTORY!
You idiots have all lost your minds. The ridiculous articles here are going to be laughed at for generations.
AND, I’m going to be REVERED and EMULATED by American Children and put on the back of a CEREAL BOX.
Re: Re:
‘k then.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:
AND if you don’t LIKE AMERICA you can STAY THE FUCK OUT or you can GO BACK TO WHERE YOU CAME FROM! YOU LIVE A LIFE OF SHAME, SHAME, SHAME! MARXISTS ALL! TECHDIRT IS MARXIST!
Who the hell are you to hate America, we never invited you HERE In the FIRST PLACE.
In the FUTURE, Malania will decide who can come and who can’t. We want to say I’m Christian and DAMN IT I’m PROUD OF IT!
DON’T YOU DARE IGNORE THE FACT THAT THIS IS A NATION FOUNDED ON JUDAEO-CHRISTIAN ETHICS!
Re: Re: Re: Re:
I thought it was founded on Enlightenment principles by the Masons and coopted by the Illuminati. They replaced George Washington with Adam Weisshaupt. For some reason.
Re: Re: Re: Re:
Judeo-Christian ethics? Is that why you backed an Indian, Hamilton, to rape this site and fuel your twisted desires?
Re: Re: Re:
How’re those ethics workin’ out for the 120,000-plus people who died of COVID-19, hmm?
Re: Re: Re:2 Re:
They went to heaven, unlike Cuomo (and you), he’s going somewhere else.
Re: Re: Re:2 Re:
As of right now, 124,281 in the US, with a rapid increase in the number of new infections, and several states reporting that they have already reached medical capacity to deal with them. Trump’s response to this? Stop testing to find the new infections.
This summer should be fun in all the wrong ways, while my local borders are cautiously opening to international tourists from safe countries (i.e. not the US). I wonder how many more innocent lives those values are going to demand on the altar of a tyrant.
Re: Re: Re: Re:
Here’s a hint: someone who is actually expecting a victory does not act like this. This is the pant-wetting fear of someone who realises they have already lost.
Re: Re:
you deserve the cereal box…not the milk carton.
High Order Fecklessness
"One bad outcome might be even more pop-ups asking you to give permission to have your data gathered, and be tracked as you move around the Internet."
With the default answer being "yes," even if you simply close the pop-up without offering a specific yes/no reply. With the "no" option buried beneath multiple links pointing to pages describing options and demanding minutes of time and effort. Result is business as usual in all but a very few cases.
Limit Facebook to Facebook account holders
Where is the consideration to those of us who do not have Facebook accounts? Facebook is allowed to collect the data, but since no Facebook account exists, just where do they assign it? Then again, why should they be allowed to collect it just because there is a ‘like’ button on a page I look at, that doesn’t belong to Facebook? Should those third party sites be in the position of either removing Facebook’s ‘like’ button or giving everyone who visits the opt out option?
I, and many others, have no relationship with Facebook. Why should they be allowed to track us?
Re: Limit Facebook to Facebook account holders
Those are sometimes called "shadow profiles". The "Europe v. Facebook" group filed an official complaint in 2011. Their website does not list the outcome, but Wikipedia describes the result of a Belgian complaint: "In early November 2015, Facebook was ordered by the Belgian Privacy Commissioner to cease tracking non-users, citing European laws, or risk fines of up to £250,000 per day. As a result, instead of removing tracking cookies, Facebook banned non-users in Belgium from seeing any material on Facebook, including publicly posted content".
why no thte old way..
Why not have these sites Use their OWN signup..
Many dont even let you choose to create a new account.
Using Google/FB/Discus/… accounts makes it easy as you dont need OTHER info given to those companies, But they will get that info. You get to save on passwords.
What are the odds that if someone gets on your computer, or your system gets hacked. That all your DATA belongs to them for having 2-3 passwords.
Re: why no thte old way..
I have a password manager, and keep separate accounts on almost all sites that allow it, but using a centralized system is so much more convenient for most, even when the damage done when such an account is compromised is so much bigger.
For those in the EU: I think it would be nice to organize a GDPR request day, on which everybody would request their personal details on the same date — flooding the system, and thus giving rise to an avalanche of legitimate complaints for not meeting the 30 day deadline to supply them. If we make personal data a toxic asset that way, the eagerness to harvest it might become less.
Re: Re: why no thte old way..
See..
Part of OUR problem tends to be asking the Corps/courts to release the INFO garnered.
WONDERFUL news…it would be, if we COULD demand the info they had gathered…REALLY..
THEN we can demand they DELETE certain, but not all DATA..
IT AINT GOING TO HAPPEN IN A CAPITALIST SYSTEM.
Send it overseas
Who ya gonna call ???
BLM and Burn it all down .
Start from scratch CHAZ all around
Who ya gonna call ???
BLM and Burn it all down .
Re: Re:
Do you understand that THEY have the same problem..
WE can ask the Same as above…
Even take it to court.. or even the World court.
That IF we ask ANY agency to show OUR DATE/with ID…they MUST show us what they have…QUICKLY…
THEN ASK TO REMOVE IT..
This is an interesting thing happening, but WE have to FORCE IT, or we are lazy bastards.