W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2011

fyi: German (Schleswig-Holstein state) Data Protection Cmsn: Deactivate Facebook web analytics

From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Mon, 22 Aug 2011 09:58:25 -0700
Message-ID: <4E528AB1.3000402@KingsMountain.com>
To: public-privacy@w3.org, ietf-privacy@ietf.org
[ hat tip: Bil Corry ]

Source: https://www.datenschutzzentrum.de/presse/20110819-facebook-en.htm

2011-08-19


P R E S S   R E L E A S E


ULD to website owners: „Deactivate Facebook web analytics“


The Data Protection Commissioner’s Office (Independent Centre for Privacy 
Protection - ULD) calls on all institutions in the federal state of 
Schleswig-Holstein, Germany to shut down their fan pages on Facebook and remove 
social plug-ins such as the “like”-button from their websites. After a thorough 
legal and technical analysis ULD comes to the conclusion that such features are 
in violation of the German Telemedia Act (TMG) and of the Federal Data 
Protection Act (BDSG), respectively the Data Protection Act of 
Schleswig-Holstein (LDSG SH). By using the Facebook service traffic and content 
data are transferred into the USA and a qualified feedback is sent back to the 
website owner concerning the web page usage, the so called web analytics (Ger.: 
Reichweitenanalyse). Whoever visits facebook.com or uses a plug-in must expect 
that he or she will be tracked by the company for two years. Facebook builds a 
broad individual and for members even a personalised profile. Such a profiling 
infringes German and European data protection law. There is no sufficient 
information of users and there is no choice; the wording in the conditions of 
use and privacy statements of Facebook does not nearly meet the legal 
requirements relevant for compliance of legal notice, privacy consent and 
general terms of use.

ULD expects from website owners in Schleswig-Holstein to immediately stop the 
passing on of user data to Facebook in the USA by deactivating the respective 
services. If this does not take place by the end of September 2011, ULD will 
take further steps. After performing the hearing and administrative procedure 
this can mean a formal complaint according to sect. 42 LDSG SH for public 
entities, a prohibition order pursuant to sect. 38 par. 5 BDSG as well as a 
penalty fine for private entities. The maximum fine for violations of the TMG 
is 50TS Euro.

Commissioner Thilo Weichert, head of ULD: “ULD has pointed out informally for 
some time that many Facebook offerings are in conflict with the law. This 
unfortunately has not prevented website owners from using the respective 
services and the more so as they are easy to install and free of charge. Web 
analytics is among those services and especially informative for advertising 
purposes. It is paid with the data of the users. With the help of these data 
Facebook has gained an estimated market value of more than 50 bn. dollars. 
Institutions must be aware that they cannot shift their responsibility for data 
privacy upon the enterprise Facebook which does not have an establishment in 
Germany and also not upon the users.

Our current call is only the beginning of a continuing privacy impact analysis 
of Facebook applications. ULD will continue in cooperation with other German 
data protection authorities. A comprehensive analysis is not to be performed at 
one go for a small privacy agency such as ULD; moreover is Facebook constantly 
changing its technical procedures and terms of use. Nobody should claim that 
there are no alternatives; there are European and other social media available 
that take the protection of privacy rights of Internet users far more serious. 
That they also may contain problematic applications must not be a reason to 
remain idle towards Facebook, but must prompt us as supervisory authorities to 
pursue these violations. Users can take their part in trying to avoid privacy 
adverse offerings.”

To Internet users ULD offers the advice to keep their fingers from clicking on 
social plug-ins such as the “like”-button and not to set up a Facebook account 
if they wish to avoid a comprehensive profiling by this company. Profiles are 
personal information; Facebook is requiring its members to register their 
actual name.

ULD has published its privacy evaluation of website analytics by Facebook in 
German language on the Internet at

https://www.datenschutzzentrum.de/facebook/

This analysis will be continued, that is extended and specified. Suggestions to 
ULD are welcome by e-mail to

facebook@datenschutzzentrum.de

For inquiries or in case of general further questions please contact:
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstr. 98, 24103 Kiel, Germany
Phone: ++49 (0)431 988-1200, Fax: -1223
Received on Monday, 22 August 2011 17:04:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:53 UTC