[WG-P3] Fwd: fyi: German (Schleswig-Holstein state) Data Protection Cmsn: Deactivate Facebook web analytics

Mark@ "Identity Trustmark" at identity-trust.com
Tue Aug 23 11:39:07 EDT 2011


Some interesting stuff from Germany.  Seems that compliance is hot  
topic for more that just P3 and the  Privacy Assessment Criteria,  
Facebook Analytics and the like button illegal in Germany.

- Mark

Begin forwarded message:

> Source: https://www.datenschutzzentrum.de/presse/20110819-facebook-en.htm
> 2011-08-19
> P R E S S   R E L E A S E
> ULD to website owners: „Deactivate Facebook web analytics“
> The Data Protection Commissioner’s Office (Independent Centre for  
> Privacy Protection - ULD) calls on all institutions in the federal  
> state of Schleswig-Holstein, Germany to shut down their fan pages on  
> Facebook and remove social plug-ins such as the “like”-button from  
> their websites. After a thorough legal and technical analysis ULD  
> comes to the conclusion that such features are in violation of the  
> German Telemedia Act (TMG) and of the Federal Data Protection Act  
> (BDSG), respectively the Data Protection Act of Schleswig-Holstein  
> (LDSG SH). By using the Facebook service traffic and content data  
> are transferred into the USA and a qualified feedback is sent back  
> to the website owner concerning the web page usage, the so called  
> web analytics (Ger.: Reichweitenanalyse). Whoever visits  
> facebook.com or uses a plug-in must expect that he or she will be  
> tracked by the company for two years. Facebook builds a broad  
> individual and for members even a personalised profile. Such a  
> profiling infringes German and European data protection law. There  
> is no sufficient information of users and there is no choice; the  
> wording in the conditions of use and privacy statements of Facebook  
> does not nearly meet the legal requirements relevant for compliance  
> of legal notice, privacy consent and general terms of use.
> ULD expects from website owners in Schleswig-Holstein to immediately  
> stop the passing on of user data to Facebook in the USA by  
> deactivating the respective services. If this does not take place by  
> the end of September 2011, ULD will take further steps. After  
> performing the hearing and administrative procedure this can mean a  
> formal complaint according to sect. 42 LDSG SH for public entities,  
> a prohibition order pursuant to sect. 38 par. 5 BDSG as well as a  
> penalty fine for private entities. The maximum fine for violations  
> of the TMG is 50TS Euro.
> Commissioner Thilo Weichert, head of ULD: “ULD has pointed out  
> informally for some time that many Facebook offerings are in  
> conflict with the law. This unfortunately has not prevented website  
> owners from using the respective services and the more so as they  
> are easy to install and free of charge. Web analytics is among those  
> services and especially informative for advertising purposes. It is  
> paid with the data of the users. With the help of these data  
> Facebook has gained an estimated market value of more than 50 bn.  
> dollars. Institutions must be aware that they cannot shift their  
> responsibility for data privacy upon the enterprise Facebook which  
> does not have an establishment in Germany and also not upon the users.
> Our current call is only the beginning of a continuing privacy  
> impact analysis of Facebook applications. ULD will continue in  
> cooperation with other German data protection authorities. A  
> comprehensive analysis is not to be performed at one go for a small  
> privacy agency such as ULD; moreover is Facebook constantly changing  
> its technical procedures and terms of use. Nobody should claim that  
> there are no alternatives; there are European and other social media  
> available that take the protection of privacy rights of Internet  
> users far more serious. That they also may contain problematic  
> applications must not be a reason to remain idle towards Facebook,  
> but must prompt us as supervisory authorities to pursue these  
> violations. Users can take their part in trying to avoid privacy  
> adverse offerings.”
> To Internet users ULD offers the advice to keep their fingers from  
> clicking on social plug-ins such as the “like”-button and not to set  
> up a Facebook account if they wish to avoid a comprehensive  
> profiling by this company. Profiles are personal information;  
> Facebook is requiring its members to register their actual name.
> ULD has published its privacy evaluation of website analytics by  
> Facebook in German language on the Internet at
> https://www.datenschutzzentrum.de/facebook/
> This analysis will be continued, that is extended and specified.  
> Suggestions to ULD are welcome by e-mail to
> facebook at datenschutzzentrum.de
> For inquiries or in case of general further questions please contact:
> Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
> Holstenstr. 98, 24103 Kiel, Germany
> Phone: ++49 (0)431 988-1200, Fax: -1223

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20110823/18c59d2d/attachment-0001.html 

More information about the WG-P3 mailing list