Facebook faces minimal penalties for flouting German law

Public pressure is more harmful for Facebook than the fines, a German privacy regulator said

Facebook only risks a fine of ¬20,000 (US$26,000) if it loses a dispute over its real name policy in Germany, but will be hurt more by bad publicity generated by the litigation, a German privacy regulator said on Tuesday.

The Office of the Data Protection Commissioner (ULD) for Schleswig-Holstein ordered Facebook to stop enforcing its real name policy last month because it violates the German Telemedia Act that gives users the right to use nicknames online. Facebook refuses to permit pseudonyms on its platform, and it believes that is compliant with European data protection law.

The orders were issued against Facebook USA and Facebook Ireland, which is responsible for all Facebook's activities outside of the U.S. and Canada. The social network decided to dispute the orders at the Administrative Court of the State of Schleswig-Holstein around Christmas, said Harald Alberts, a spokesman for the court, on Tuesday.

The ULD is was planning to file a reply with the court this week, said Thilo Weichert, privacy commissioner and head of ULD.

After that, the court probably needs about two months to reach a preliminary verdict, Alberts said. If Facebook loses, it can appeal the case to the state's Administrative Court of Appeals. If Facebook loses the appeal, it will be ordered to stop its real name policy and the fine set by the ULD can be imposed, he added. The proceedings are complex, however, and are likely to take years, Alberts said.

Only the ULD is able to fine Facebook though, not the court, said Alberts. And in theory, Facebook could decide to pay the fine and keep enforcing its real name policy, he said, although he said he had never seen a case in which that has happened.

In that situation, though, the ULD could decide to impose another fine on Facebook with a maximum of ¬50,000, which could be disputed in court again by the social network, Weichert said. But while the threat of a fine might not concern Facebook, the company might fear having its business model ruled illegal, he said. "And that is exactly the goal of ULD," he said, adding that the best means to pressure Facebook is applying that pressure publicly.

"We know ¬20,000 is nothing for Facebook, it's just symbolic," he said. "But if we win the legal process, we are pretty sure there will be a big discussion," he said.

The fine that can be imposed is of course very minimal, said Carola Elbrecht, project manager for consumer rights in the digital world at the Federation of German Consumer Organizations, who welcomed ULD's complaint. Internet users should be able to be anonymous online, she said, adding that Facebook obviously wants to oblige its users to use real names because it can better target ads at real people and make more money by doing so.

The size of the fines that could be imposed are not that important in this case, Elbrecht said. "Facebook bleeds much more with bad publicity," she said, adding that this case is about status and image and not about money.

While Facebook could easily pay the fine and continue its real name policy if it loses the lawsuit, she predicted it would not do so because of the public pressure. "Facebook will do everything to be seen as a serious business," Elbrecht said.

It remains to be seen who is right in this case, because the disputed law is ambiguous about the use of online pseudonyms, Elbrecht said. But the contents of the ULD's complaint are good, she said.

Facebook will fight the ULD's orders vigorously because they are without merit and a waste of German taxpayers' money, a Facebook spokesman said in an email repeating the company's stance on the matter. "It is the role of individual services to determine their own policies about anonymity within the governing law," he said.

Join the CSO newsletter!

Error: Please check your email address.

Tags regulationsecurityCivil lawsuitslegallegislationgovernmentinternetprivacyFacebook

More about Facebook

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place