ellipsis flag icon-blogicon-check icon-comments icon-email icon-error icon-facebook icon-follow-comment icon-googleicon-hamburger icon-imedia-blog icon-imediaicon-instagramicon-left-arrow icon-linked-in icon-linked icon-linkedin icon-multi-page-view icon-person icon-print icon-right-arrow icon-save icon-searchicon-share-arrow icon-single-page-view icon-tag icon-twitter icon-unfollow icon-upload icon-valid icon-video-play icon-views icon-website icon-youtubelogo-imedia-white logo-imedia logo-mediaWhite review-star thumbs_down thumbs_up

Germany bans business use of Facebook

Germany bans business use of Facebook Brandt Dainow
The data protection authority for the German state of Schleswig-Holstein has declared business use of Facebook and Facebook "like" buttons illegal. All businesses in Schleswig-Holstein have until the end of the September 2011 to remove "like" buttons and close their Facebook pages.

Here's a quick summary of why.  The full announcement is below.

1) Data is transmitted to the USA without proper notification to users. Lack of proper notification is illegal under European and German privacy laws.

2) Data is used to create online profiles and track people for 2 years. Creation of online profiles and cross-site tracking is illegal in Germany and under EU laws unless prior informed consent is given.   Browser settings do not constitute informed consent.

3) Facebook's privacy statement and T&C's are vague, confusing, uninformative, and therefore illegal under German requirements.  This means, even if you read and agreed, you still would not have given informed consent.

Their final comment: "Institutions must be aware that they cannot shift their responsibility for data privacy upon Facebook or the users."

Here is the entire text of the English-language announcement:

P R E S S   R E L E A S E

ULD to website owners:

„Deactivate Facebook web analytics“

The Data Protection Commissioner’s Office (Independent Centre for Privacy Protection - ULD) calls on all institutions in the federal state of Schleswig-Holstein, Germany to shut down their fan pages on Facebook and remove social plug-ins such as the “like”-button from their websites. After a thorough legal and technical analysis ULD comes to the conclusion that such features are in violation of the German Telemedia Act (TMG) and of the Federal Data Protection Act (BDSG), respectively the Data Protection Act of Schleswig-Holstein (LDSG SH). By using the Facebook service traffic and content data are transferred into the USA and a qualified feedback is sent back to the website owner concerning the web page usage, the so called web analytics (Ger.: Reichweitenanalyse). Whoever visits facebook.com or uses a plug-in must expect that he or she will be tracked by the company for two years. Facebook builds a broad individual and for members even a personalised profile. Such a profiling infringes German and European data protection law. There is no sufficient information of users and there is no choice; the wording in the conditions of use and privacy statements of Facebook does not nearly meet the legal requirements relevant for compliance of legal notice, privacy consent and general terms of use.

ULD expects from website owners in Schleswig-Holstein to immediately stop the passing on of user data to Facebook in the USA by deactivating the respective services. If this does not take place by the end of September 2011, ULD will take further steps. After performing the hearing and administrative procedure this can mean a formal complaint according to sect. 42 LDSG SH for public entities, a prohibition order pursuant to sect. 38 par. 5 BDSG as well as a penalty fine for private entities. The maximum fine for violations of the TMG is 50TS Euro.

Commissioner Thilo Weichert, head of ULD: “ULD has pointed out informally for some time that many Facebook offerings are in conflict with the law. This unfortunately has not prevented website owners from using the respective services and the more so as they are easy to install and free of charge. Web analytics is among those services and especially informative for advertising purposes. It is paid with the data of the users. With the help of these data Facebook has gained an estimated market value of more than 50 bn. dollars. Institutions must be aware that they cannot shift their responsibility for data privacy upon the enterprise Facebook which does not have an establishment in Germany and also not upon the users.

Our current call is only the beginning of a continuing privacy impact analysis of Facebook applications. ULD will continue in cooperation with other German data protection authorities. A comprehensive analysis is not to be performed at one go for a small privacy agency such as ULD; moreover is Facebook constantly changing its technical procedures and terms of use. Nobody should claim that there are no alternatives; there are European and other social media available that take the protection of privacy rights of Internet users far more serious. That they also may contain problematic applications must not be a reason to remain idle towards Facebook, but must prompt us as supervisory authorities to pursue these violations. Users can take their part in trying to avoid privacy adverse offerings.”

To Internet users ULD offers the advice to keep their fingers from clicking on social plug-ins such as the “like”-button and not to set up a Facebook account if they wish to avoid a comprehensive profiling by this company. Profiles are personal information; Facebook is requiring its members to register their actual name.

ULD has published its privacy evaluation of website analytics by Facebook in German language on the Internet at


This analysis will be continued, that is extended and specified. Suggestions to ULD are welcome by e-mail to

[email protected]

For inquiries or in case of general further questions please contact:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein

Holstenstr. 98, 24103 Kiel, Germany

Phone: ++49 (0)431 988-1200, Fax: -1223

The EU works on an assumption of "legislative equivalence." This means a decision like this is deemed to apply in all EU states unless you can win a court case showing otherwise.  Even if you won a case at a local level, it can still be appealed up to EU-level.  It is extremely likely, in my view, that others will use this decision to push for similar decisions in their regions.  Facebook does not have much corporate presence in the EU, and so it lacks any real power to lobby against this.  I think it highly likely the rest of Germany will move to the same position fairly fast.  Other countries will probably follow.

Some people reading this may think the German's are being silly. However, I think we need to respect the culture of different countries.  The web brings the cultures of hundreds, if not thousands, of regions and groups into a shared environment.  We cannot assume that any one approach to online privacy is "correct" and that everyone else is "wrong."  In particular, we cannot assume the USA's business-centric attitude that consumers do not have a right to privacy will be respected anywhere else in the world.  Significant portions of the planet believe personal privacy is a fundamental human right.  We must respect the right of others to live in the manner they want, especially if they live in a democracy.  International brands, such as Facebook and Google, have a responsibility to ensure they understand the differing attitudes towards privacy in the countries in which they do business, and work within the boundaries each country demands.  Failure to comply will lead to situations like this, costing the company money and potentially bringing legal penalties to their staff (as happened with Google staff, who were jailed in Germany for privacy violations).  It's just bad business.

Brandt is an independent web analyst, researcher and academic.  As a web analyst, he specialises in building bespoke (or customised) web analytic reporting systems.  This can range from building a customised report format to creating an...

View full biography


to leave comments.