German court: Facebook data practices

German court: Facebook data practices breach competition law.

German court: Facebook data practices breach competition law due to its data collection practices from its suite of apps and through external websites.

 

Germany strikes Facebook’s business model as the German Competition Authority  has launched an inquiry into the data collection practices of the social media and data collection giant with their local court. This is the first major country in the EU to ever launch any legal action against the company especially since the recent implementation of the GDPR. To be specific Facebook’s ability to provide detailed marketing data to companies who would pay for this information is now hindered greatly as the company is being limited in the collection of data and its integration from their full suite of apps. In its recent article, Politico reported that the Bundeskartellamt has ruled that German citizens will have to explicitly and knowingly consent to cross-app data integration by Facebook.

 

While Facebook hasn’t been found guilty of data protection malpractice by the GDPR,their practices breached Germany’s national privacy policies 

 

Cambridge Analytica revelations showed that this data integration had a marked effect on many important political outcomes such as Brexit and US 2016 elections. These targeted ads may cause more harm than perceived and Germany is the first to seek to protect its citizens from this. Facebook hasn’t been found guilty of data protection malpractice by the GDPR, as it is important to note the decision was made via Germany’s national privacy policies not the EU’s. The EU is still keeping a watchful eye on the proceedings as Facebook has the opportunity to fight the decision or suspend the case, and a decision has yet to be made. The GDPR states that data subjects need to provide “freely given, specific, informed and unambiguous” consent where data is used for commercial purposes.

 

Facebook is the only company thus far, found to be in breach of Germany’s competition law.

 

So far the Bundeskartellamt has only targeted Facebook with this wave of action due to its wide monopoly on Social Media in Germany, as it records over eighty percent of monthly active users on social media in the nation state. YouTube, Twitter and Snapchat were all seen as secondary and were not subject to any legal action. These companies however will be taking note of these changes in policy as it could affect how they operate in the future and may prevent an integrated platform to the likes of Facebook (at least in Germany) due to these restrictions. Facebook will need to implement the decision over the next 12 months.

 

The EU may be forced to implement new protocols for the GDPR.

 

Companies with existing competition and data privacy lawsuits, and open decisions such as Google and Amazon are keenly affected by this type of legislature change as well. If a major detriment to these data integration practices can be found by the Bundeskartellamt, the EU may be forced to implement new protocols for the GDPR and police these data collection services more diligently as some have already been accused of seeking consent in deceptive fashions, being unclear in data use or vaguely outlining the detail or extent of data being collected. The impact it could possibly have on E-commerce in the European sphere is definitely something worth paying attention to. Especially since the GDPR is one of the more universally referenced examples of a good starting point for current standard in Data protection policy.

 

According to Cristina Contero Almagro, Partner in Aphaia, “Combining data from different sources requires at least to put in place a Data Protection Impact Assessment first. Apart from that, it is deemed profiling, so it may be subject to Article 22 GDPR requirements, plus additional guarantees should be applied due to its commercial purpose”.

Does your company have all of the mandated safeguards in place to ensure compliance with the GDPR and Data Protection Act 2018? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.

Regulatory case law, June 2015: financing internet subscription services at a fixed location

This past June, the European Court of Justice reviewed financing mechanisms in internet subscription services requiring a connection to the internet at a fixed location, as well as state aid in competition – both in hydrocarbon and nuclear.
Read more “Regulatory case law, June 2015: financing internet subscription services at a fixed location”

Regulatory case law, December 2014: waste management, green electricity and dominant position in mobile telephony

In the last month of 2014 the European Court of Justice dealt with failures to comply with waste management obligations, privacy concerns stemming from homeowners recording public spaces while protecting their property, abuses of dominant position in telecoms, and exemptions from the obligation of purchasing green electricity.
Read more “Regulatory case law, December 2014: waste management, green electricity and dominant position in mobile telephony”