Facebook encounters more and more problems with Germany’s Data Protection Commissioners. Only last month, the Data Protection Commissioner of Schleswig Holstein, Thilo Weichert, announced proceedings against public authorities and companies in Schleswig Holstein that use Facebook’s Like-Button on their websites (see Datonomy post of 6th October). Mr. Weichert criticised that the Like-Button enabled Facebook to track users even if they had not clicked the button.
They might have good reasons to do so – sec. 1 para 5 sentence 1 of the German Data Protection Law (BDSG) provides that the German data protection law does not apply to data controllers situated within a member state of the European Union or the European Economic Area that collect personal data in Germany, if they do not collect such data from a branch office situated in Germany. Facebook’s terms and conditions name Facebook Ireland Ltd. as contract partner of all users who reside outside the US or Canada. Accordingly, Facebook’s German subsidiary “Facebook Germany GmbH” claims to provide mere marketing activities for “the internet site of a social network”. If this was true, Irish Data Protection Law would in fact apply to Facebook’s European activities and only the Irish Data protection authorities would be competent to supervise Facebook’s data collecting activities. This is, however, a different situation for website owners residing in Germanywho use Facebook’s Like Button and are subject to German data protection law.
It remains to be seen if Facebook will risk the consequences of an open conflict with German data protection authorities which might eventually result in a German court ruling that German authorities are ultimately competent to regulate Facebook’s activities inGermany.