Facebook sued over App Center data sharing in Germany

Facebook should ask users' explicit consent before sharing their data with third parties, German consumer organizations say

German consumer organizations are suing Facebook because the social network keeps sharing personal data with third-party app makers without getting explicit consent from users.

Third party apps often want access to a users' chat as well as information about friends, personal contact information and the ability to post on a user's Facebook wall. But instead of asking users for permission, the apps available through Facebook's App Center just grant themselves access to the data, the Federation of German Consumer Organizations (VZBV), said on Thursday.

Consent for such comprehensive data forwarding to the app provider was never provided by the user, the VZBV said. "Reason enough for the federation to start a new lawsuit against Facebook Ireland at the regional court in Berlin," it said. Facebook Ireland is responsible for all Facebook's activities outside of the U.S. and Canada.

The social network's data protection practices worsened instead of improved when App Center was introduced in July, it said.

In the past, Facebook asked for user consent by showing a pop-up window that warned data was shared with third-parties, a user had the choice to click on allow or not allow. But when the App Center was introduced that changed, said Michaela Zinke, policy officer at the VZBV. "I'm very confused why Facebook changed it," she said, adding that before Facebook complied with German law and now doesn't anymore.

The VZBV warned Facebook in August to change its App Center privacy practices, threatening legal action if it did not do so, a warning that appears to have been in vain.

"Behind Facebook is a brutal business model," the VZBV wrote. While the use of the platform is free, Facebook isn't a charitable institution but instead lets people pay for the use of the platform with their own data, the organization said. That personal data is combined and used to make comprehensive user profiles that are used for targeted advertising, it added.

"Particularly problematic is the fact that not only Facebook but also the app providers are accessing the data. This is exactly what many users do not realize," the consumer organizations said. Especially children don't realize their data is shared with third parties when they tap on "play this game", the VZBV said.

Facebook does show a limited list in small light gray text that describes access that will be granted to an app provider when the user decides to download an app, suggesting that the sharing of this data is allowed, the VZBV said. However, sharing data with third-parties is only allowed under German law after an explicit and informed consent of the user, it said. Facebook's App Center therefore clearly violates telecom and competition laws, it added.

Facebook declined to comment. The social network "is currently looking into this", a spokeswoman said in an email. The VZBV did not immediately respond to a request for comment.

The social network has been under renewed data protection scrutiny in Germany and other European countries lately. Earlier this week for example privacy campaign group Europe vs. Facebook threatened to take the Irish Data Protection Commissioner to court if it is not satisfied with the DPC's final responses to its complaints about Facebook's privacy policies.

The group made the threat because it thinks the DPC did not act in the best interests of users when it audited the social network's privacy policies. While Facebook went beyond the recommendations by deciding to delete all facial recognition data it had stored about its E.U. users, Europe vs. Facebook thinks there is more that can be done to protect users' privacy better.

VZBV expects the first hearing in the case to take place in Summer 2013.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags intellectual propertysecuritylegalFederation of German Consumer OrganizationsprivacyFacebook

More about FacebookIDG

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place