Facebook fan page operators not responsible for user data, German appeals court confirms

But a German data protection commissioner called the decision 'a catastrophe and a setback for data protection'

Facebook fan page operators are not legally responsible for the personal data of visitors to their pages, but Facebook is, a German appeals court ruled.

Businesses or other groups who create and administer Facebook Pages to build relationships with their customers or audience are not responsible for how the personal data of visitors to the pages is processed, because they have no influence on the technical and legal aspects of the data processing by Facebook, the Higher Administrative Court of Schleswig-Holstein said Friday.

The fact that fan page operators receive anonymized statistics about Facebook users does not make them share a data protection responsibility, the court said in a news release. This means that the Office of the Data Protection Commissioner (ULD) for the German state of Schleswig-Holstein is not allowed to order fan page operators to deactivate their pages for data protection law violations, it added.

The Higher Administrative Court confirmed an October 2013 ruling by the Administrative Court of Schleswig-Holstein. That court also ruled that Facebook fan page operators are not responsible for the way Facebook processes the personal data of people visiting the pages.

The ULD started ordering companies in 2011 to deactivate their Facebook fan pages or face a fine of up to €50,000 (about US$64,700). The authority argued that Facebook violated German data protection laws by processing personal data of German citizens and said that companies operating fan pages are at least partly responsible for the processing of personal data via those pages.

ULD head Thilo Weichert was disappointed by the decision and called it "a catastrophe and a setback for data protection."

The verdict gives governmental and commercial operators who use "illegal portals from the U.S." such as Facebook provisional legal certainty while it leaves users out in the rain, Weichert said.

The court said that those affected by possible privacy violations should file a complaint against Facebook. However, the court failed to specify if complaints should be filed against Facebook Inc. in the U.S., Facebook Ltd. in Ireland or Facebook Germany, the ULD said.

In Germany, several lawsuits against Facebook Ireland over privacy matters were rejected by courts that argued that because Facebook's European headquarters is located in Ireland, Irish law applies. However, another German court ruled last year that German data protection law does apply to Facebook, contradicting the other decisions.

The door to irresponsibility on the Internet will remain wide open if Friday's verdict remains intact, Weichert said. The ULD will wait for the full written verdict to determine if it will be useful to file an appeal with Federal Administrative Court, he said.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags securityCivil lawsuitslegalFacebookprivacy

More about FacebookIDGInc.News

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts