The Government of Germany ordered Facebook to restrict the way the social network collects information from its users
According to network security and ethical
hacking specialists from the International Institute of Cyber Security, Bundeskartellamt, the competition
authority in Germany ordered Facebook
to restrict its data collection and mixing policy when the users did not have
given their explicit consent.
This policy extends to data collected from
third-party services, as well as to other Facebook-owned platforms, such as
Instagram. The social network stated that it would appeal this decision.
To be specific, the German regulator decided:
- The
various Facebook-owned services, such as WhatsApp and Instagram, may keep
collecting data, but may not mix this data with those of a user’s main Facebook
account, unless they manifest their explicit consent - Data
collection from third-party sites, and subsequent association to a user’s
Facebook account, must also be made under explicit consent of the involved
parties
The regulatory authority specified that “a
checkmark in a box” is not sufficient explicit consent to accept all Facebook
terms. It is important to note that this ruling applies only to Facebook
activities on German territory, although other supervisory bodies are likely to
start taking similar measures.
On the other hand, the social network maintains
that the German regulator has exceeded its functions, since it considers that
issuing decisions on the privacy of data correspond to other authorities. However,
if the ruling is kept the company must implement technical solutions to meet
these requirements within four months. According to experts in network
security, Facebook is facing a fine of up to 10% of its annual earnings
in case of non compliance.
The supervisory organization maintains that
Facebook has abused its dominant market status for mass data collection: “Facebook
will no longer be able to force its users to accept the compilation of their
data,” said Andreas Mundt, director of the Bundeskartellamt.
“The mix of data sources has helped Facebook
create a unique database for each of its users, which consolidated this social
network as a dominant agent in the market.”
According to experts in network security, this
decision could impact the use of the ‘like’ and ‘share’ buttons on non-Facebook
owned sites, as this allows the social network to track the IP address of each
visitor, name and browser version, even if the users don’t interact with these
buttons.
In a post of its blog, Facebook added that the
Bundeskartellamt ignored the measures that the social network has taken to
comply with the privacy standards established in the UK’s General Data Protection
Regulation (GDPR). “GDPR grants powers to regulators in the field of data
protection, not competition authorities”.
On the other hand, the NGO Privacy
International believes that if this ruling prevails, Facebook will have to
extend these new policies for users around the world.
