We use Cookies By continuing to use the site you consent to the use of cookies. Read our cookies policy Accept

European Commission Project

Consumer Champion is a capacity building programme of the European Commission, managed by the Consumers, Health, Agriculture and Food Executive Agency (Chafea) to support and develop the capacity of consumer organisations and other entities with similar objectives from EU Member states, EEA and candidate countries.

Our partners
Close
Blogs
This website is in English to provide a common language for dialogue among users. We have provided an external Google Translate tool to assist website visitors, however the quality of the translated content is neither controlled nor guaranteed by Consumer Champion.
Translate

Expert Advice Tabs

Add News / Events / Blogs
01.03.18
Added by: Christiane Seidel (Federation of German Consumer Organisations - vzbv)

Privacy by default as a guiding principle when catching up with friends, checking out events in your area or searching for cute photos of pets on Facebook? Not quite! Facebook’s default settings and some of its terms of service and privacy policies are in breach of consumer law.

That was the decision  of the Berlin Regional Court following a lawsuit brought by the Federation of German Consumer Organisations (Verbraucherzentrale Bundesverband – vzbv). The ruling has received a lot of media attention – not only in Germany but EU-wide – and shows that there still is need for policy action.  
 
The Berlin Regional court confirmed what data protection experts have been criticising for years: Facebook did not meet national requirements for the protection of personal data. The Facebook app for smartphones, for example, featured a pre-activated location service that reveals the location of users to people they are chatting with. In the privacy configurations, default settings allowed search engines to link users’ locations to their timeline. This meant that anyone could quickly and easily locate personal Facebook profiles. The judges ruled that all five of the default settings that vzbv complained about are invalid with regards to declarations of consent. They said there was no guarantee that users would even know they exist.
 
Consent to the use of data is framed too broadly 
 
The Berlin Regional Court held another eight more clauses in Facebook’s terms of use to be invalid. These included pre-formulated declarations of consent which allowed Facebook to use the name and profile picture of users “for commercial, sponsored or related content” and to transfer their data to the USA. The judges made clear that such pre-formulated declarations cannot constitute effective consent to the use of data. 
 
A clause obliging users to only provide their real name and data was also ruled unlawful. The court found that this obligation was a convert way of obtaining users consent to the processing of their data. This was sufficient to rule the provision unlawful. The use of a pseudonym instead of the full name allows consumers to protect their anonymity if they wish so. In practice, pseudonyms have been used by a broad range of Facebook subscribers – not only in Germany. 
 
Facebook’s claim that it is “free, and always will be” is permitted 
 
Moreover, vzbv believes that the claim “free and always will be” is misleading since consumers do not pay in euros but with their personal data. However, the Berlin Regional Court found the claim was lawful because intangible consideration cannot be regarded as a cost. In other words, data cannot be considered as payment. 
 
The judges also rejected several others of vzbv complaints against Facebook’s provisions on its privacy policy, stating that the policy only contains information about the company’s procedures and no contractual provisions. vzbv and Facebook have appealed to the Berlin Court of Appeal on the points that were rejected by the court. 
 
In addition, National Enforcers of the Consumer Protection Cooperation Network have found that Facebook, along with Twitter and Google+ do not comply with a range of EU consumer protection rules and do not ensure the rapid removal of illegal content upon notification. In this regards, Twitter still fails to notify users when they unilaterally terminate the contract. 
 
BEUC, the European Consumer Organisation, says that it is worrying that all three Media companies did not address all the problems identified by the authorities and asked for deterrent sanctions when a company does not comply with consumer and data protection law. BEUC calls on the EU Commission to take urgent action.
 
[1] Judgment of the Berlin Regional Court dated 16 January 2018, Case no. 16 O 341/15 – not res judicata https://www.vzbv.de/pressemitteilung/facebook-verstoesst-gegen-deutsches-datenschutzrecht
 

YOUR COMMENTS

0

To post your comment

Login Sign up
SIGN UP
Back to top