A court in Düsseldorf ruled yesterday that German websites that use Facebook buttons could not transfer data to the company without user consent, along with the understanding that that’s what they were doing. One of the businesses found in violation of German data protection law was clothing retailer Peek & Cloppenburg, who had featured the Like button on their site. The business failed to sufficiently explain to users that their data would flow to Facebook.
According to Reuters, the court stated that “A mere link to a data protection statement at the foot of the website does not constitute an indication that data are being or are about to be processed.” The retiler wants to wait and see what the court’s full opinion is before they decide to appeal or not.
Facebook isn’t a party to this litigation. But even then, this is another setback for the social network in Europe. The company’s data collection and ad practices are under intensifying scrutiny in a number of countries, like France and Belgium.
I don’t think this will be the end of the Like button on Facebook but there’s the suggestion that EU cookie-like disclosures will be required in the future. This means that Europeans will be informed by sites with embedded social buttons that their data could be captured and sent to Facebook.
Just because Facebook has a dominant position in the market does not mean that the company has the ability to impose terms on users. This idea is potentially violating privacy laws in Germany. The Bundeskartellamt, Germany’s competition authority, asserted that the terms and conditions put forth by Facebook are hard to understand and potentially illegal:
There is an initial suspicion that Facebook’s conditions of use are in violation of data protection provisions. Not every law infringement on the part of a dominant company is also relevant under competition law. However, in the case in question Facebook’s use of unlawful terms and conditions could represent an abusive imposition of unfair conditions on users. The Bundeskartellamt will examine, among other issues, to what extent a connection exists between the possibly dominant position of the company and the use of such clauses.
If privacy violations occur in the EU, there will be fines of up to four percent of global revenue in extreme cases. That seems to be a minimum, as antitrust violations can go as high as 10 percent of global revenue. Facebook’s 2015 revenue was nearly $18 billion. The resulting fine for Facebook would be quite a big chunk of pocket change for the company.