Facebook faces minimal penalties for flouting German law

Public pressure is more harmful for Facebook than the fines, a German privacy regulator said
  • Loek Essers (IDG News Service)
  • — 08 January, 2013 16:24

Facebook only risks a fine of ¬20,000 (US$26,000) if it loses a dispute over its real name policy in Germany, but will be hurt more by bad publicity generated by the litigation, a German privacy regulator said on Tuesday.

The Office of the Data Protection Commissioner (ULD) for Schleswig-Holstein ordered Facebook to stop enforcing its real name policy last month because it violates the German Telemedia Act that gives users the right to use nicknames online. Facebook refuses to permit pseudonyms on its platform, and it believes that is compliant with European data protection law.

The orders were issued against Facebook USA and Facebook Ireland, which is responsible for all Facebook's activities outside of the U.S. and Canada. The social network decided to dispute the orders at the Administrative Court of the State of Schleswig-Holstein around Christmas, said Harald Alberts, a spokesman for the court, on Tuesday.

The ULD is was planning to file a reply with the court this week, said Thilo Weichert, privacy commissioner and head of ULD.

After that, the court probably needs about two months to reach a preliminary verdict, Alberts said. If Facebook loses, it can appeal the case to the state's Administrative Court of Appeals. If Facebook loses the appeal, it will be ordered to stop its real name policy and the fine set by the ULD can be imposed, he added. The proceedings are complex, however, and are likely to take years, Alberts said.

Only the ULD is able to fine Facebook though, not the court, said Alberts. And in theory, Facebook could decide to pay the fine and keep enforcing its real name policy, he said, although he said he had never seen a case in which that has happened.

In that situation, though, the ULD could decide to impose another fine on Facebook with a maximum of ¬50,000, which could be disputed in court again by the social network, Weichert said. But while the threat of a fine might not concern Facebook, the company might fear having its business model ruled illegal, he said. "And that is exactly the goal of ULD," he said, adding that the best means to pressure Facebook is applying that pressure publicly.

"We know ¬20,000 is nothing for Facebook, it's just symbolic," he said. "But if we win the legal process, we are pretty sure there will be a big discussion," he said.

The fine that can be imposed is of course very minimal, said Carola Elbrecht, project manager for consumer rights in the digital world at the Federation of German Consumer Organizations, who welcomed ULD's complaint. Internet users should be able to be anonymous online, she said, adding that Facebook obviously wants to oblige its users to use real names because it can better target ads at real people and make more money by doing so.

The size of the fines that could be imposed are not that important in this case, Elbrecht said. "Facebook bleeds much more with bad publicity," she said, adding that this case is about status and image and not about money.

While Facebook could easily pay the fine and continue its real name policy if it loses the lawsuit, she predicted it would not do so because of the public pressure. "Facebook will do everything to be seen as a serious business," Elbrecht said.

It remains to be seen who is right in this case, because the disputed law is ambiguous about the use of online pseudonyms, Elbrecht said. But the contents of the ULD's complaint are good, she said.

Facebook will fight the ULD's orders vigorously because they are without merit and a waste of German taxpayers' money, a Facebook spokesman said in an email repeating the company's stance on the matter. "It is the role of individual services to determine their own policies about anonymity within the governing law," he said.

Tags: security, regulation, legal, Civil lawsuits, internet, government, legislation, Facebook, privacy

Heartbleed panic drives flood of enquiries to Symantec's Melbourne CA

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Enterprise Security for Endpoints

Think your endpoints are secure? Think again. Learn why Trend Micro can help.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.