Governance & Risk Management , Privacy

German Court Lifts Order Limiting Facebook Data Aggregating

But Germany's Cartel Office Plans to Appeal
German Court Lifts Order Limiting Facebook Data Aggregating
Dusseldorf Higher Regional Court (Source: Wikidata/CC)

Facebook won a victory after a German court on Monday suspended an order from the Federal Cartel Office that prohibited the social network from aggregating personal data from other services and sources.

See Also: How Enterprise Browsers Enhance Security and Efficiency

The Federal Cartel Office, known as the Bundeskartellam, found in February that Facebook’s data collection, which rolls together data from WhatsApp, Instagram and tracking tools deployed across third-party websites and services, puts competitors at a disadvantage (see: German Antitrust Office Restricts Facebook Data Processing).

Facebook appealed the order to Dusseldorf Higher Regional Court, and the court rejected the Cartel Office’s findings.

In a statement, the court said it had “serious doubts about the legality of these cartel-administrative orders on the basis of a purely summary legal examination. Even if the contested data breached data protection rules, that would not be an infringement of competition law at the same time."

In it’s full ruling, the court found that the Cartel Office’s “view that the processing of the disputed additional data increases the barriers to entry in the market for social networks for Facebook competitors is incomprehensible.”

A Facebook spokesman said the company had no comment. The Federal Cartel Office tells Information Security Media Group that it disagrees with the findings and will appeal to the Federal Court of Justice.

"Data and data handling are decisive factors for competition in the digital economy," says Andreas Mundt, president of the Cartel Office. "These legal issues are highly significant for the future state of competition in the digital economy. We are convinced that we can act in this area based on the existing antitrust law."

Eyes Across the Internet

Facebook has built its profitable online advertising business through surveillance of users both on its own web properties and across the web.

Third-party websites can use tools such as Facebook’s “pixel,” which tracks conversions, and the “like” button, which reports browsed pages. Other tools can correlate ad views with purchases, even if the purchase has been made in a bricks-and-mortar store.

The Cartel Office took issue with how Facebook doesn’t ask for specific consent from users to combine their personal data, including that from non-Facebook properties. It also sought to ensure that Facebook gains consent for that activity. The office contended the data collection practices result in an unfair competitive advantage for Facebook.

Facebook, which had been in discussions with the Cartel Office for three years before it launched its action, has contended that data aggregation is important for safety. It also argued the Cartel Office – a competition authority – wasn’t the right agency to handle data protection issues.

In a February blog post, Facebook’s data protection officer for Ireland and legal counsel contended the company complies with the European Union’s General Data Protection Regulation.

Facebook’s Clear History feature

“We support the GDPR and take our obligations seriously,” they wrote. “Yet the Bundeskartellamt’s decision misapplies German competition law to set different rules that apply to only one company.”

Not-So-Clear History

Facebook has been moving to quell criticism that it collects too much data about users’ activity across the internet. When rebutting the Cartel Office’s allegations in February, it mentioned it was developing a tool that would let users delete data supplied to it by other services.

Last week, Facebook debuted the tool: Clear History. It's intended to allow users to view and then wipe so called “off-Facebook” data that has been supplied by third-party apps and websites. The tool is first being deployed in Ireland, South Korea and Spain.

Facebook says once the data is deleted, it is no longer associated with someone’s individual account. But as with many Facebook privacy tools, there’s a catch.

The Washington Post reports that the browsing data is still held by Facebook even if someone deletes their history. The Post reports that Facebook will still be able to report to advertisers if someone made a purchase after seeing an ad.

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.