Facebook – Cookies to be investigated in Germany

Christina Motejl

Facebook encounters more and more problems with Germany’s Data Protection Commissioners. Only last month, the Data Protection Commissioner of Schleswig Holstein, Thilo Weichert, announced proceedings against public authorities and companies in Schleswig Holstein that use Facebook’s Like-Button on their websites (see Datonomy post of 6th October). Mr. Weichert criticised that the Like-Button enabled Facebook to track users even if they had not clicked the button.

Now, Johannes Caspar, Hamburg’s Commissioner for Data Protection and Freedom of Information (HmbBfDI) has conducted an investigation into Facebook’s use of cookies, which enable Facebook to recognise its users even if they are not logged in or if they visit a third party website that uses an embedded Like-Button. According to Caspar, Facebook had reasoned that it uses cookies mainly for security reasons, such as youth or password protection. However, the Commissioner claims that this was essentially not true as most functions were optional and only activated after the users have given their approval. Therefore, Caspar suspects that Facebook uses cookies simply to create tracking profiles of users. Under German data protection law, tracking in form of the collection of personal data is not allowed if the users have not provided their consent. Even in case of a pseudonymized data collection, they have to be informed about the tracking and their right to object.

As a first reaction to Caspar’s accusation, Facebook indicated its willingness to discuss the technical mechanisms of its use of cookies. However, in a parliamentary committee hearing last month, Facebook also claimed that German data protection law would not apply to them.

They might have good reasons to do so – sec. 1 para 5 sentence 1 of the German Data Protection Law (BDSG) provides that the German data protection law does not apply to data controllers situated within a member state of the European Union or the European Economic Area that collect personal data in Germany, if they do not collect such data from a branch office situated in Germany. Facebook’s terms and conditions name Facebook Ireland Ltd. as contract partner of all users who reside outside the US or Canada. Accordingly, Facebook’s German subsidiary “Facebook Germany GmbH” claims to provide mere marketing activities for “the internet site of a social network”. If this was true, Irish Data Protection Law would in fact apply to Facebook’s European activities and only the Irish Data protection authorities would be competent to supervise Facebook’s data collecting activities. This is, however, a different situation for website owners residing in Germanywho use Facebook’s Like Button and are subject to German data protection law.

It remains to be seen if Facebook will risk the consequences of an open conflict with German data protection authorities which might eventually result in a German court ruling that German authorities are ultimately competent to regulate Facebook’s activities inGermany.

One thought on “Facebook – Cookies to be investigated in Germany”

  1. Hiya, I am really glad I’ve found this info. Today bloggers publish only about gossips and web and this is actually annoying. A good web site with interesting content, this is what I need. Thank you for keeping this web-site, I’ll be visiting it. Do you do newsletters? Can’t find it.

Leave a Reply

Your email address will not be published. Required fields are marked *