Germany Takes Legal Steps Against Facebook

crimeandpunishment writes "Not only are Germany and Facebook not friends, they might end up opponents in a courtroom. Germany has begun legal action over privacy. A German data protection official accuses Facebook of illegally saving personal data of people who don't use the site and haven't given permission to access their private information. Germany, which has also launched an investigation into Google over its Street View mapping program, has some of the strictest privacy laws in the world."

From TFA

[LockeOnLogic]

"Kohannes Caspar said his Hamburg data protection office had initiated legal steps that could result in Facebook being fined tens of thousands of euros for saving private information of individuals who don't use the site and haven't granted it access to their details."

I bet this is less than their monthly coffee expenses.

Re:From TFA

[SquarePixel]

Not when it is per individual.

It's kind of weird that Germany and Europe are now the safeguards of our privacy. On the other hand, they understand the reasons for that because of history. It seems like every other country in the world let big corporations like Google and Facebook do whatever they want.

Re:From TFA

Not when it is per individual.

It's kind of weird that Germany and Europe are now the safeguards of our privacy. On the other hand, they understand the reasons for that because of history. It seems like every other country in the world let big corporations like Google and Facebook do whatever they want.

You are right...except that it wasn't the corporations that destroyed Europe twice in a century. These laws protect the privacy of individuals from corporations and other individuals, but they do nothing to protect the privacy of the individual from the government (the real problem). These laws will do nothing if nationalism surges in Europe again.

Re:From TFA

[bickerdyke]

Nope. No class actions over here.

Also it's a fine, no damage, so it'll be payable only once.

Re:From TFA

[TheRaven64]

they do nothing to protect the privacy of the individual from the government

Really? In the UK, at least, the government is bound by the data protection act and government departments must disclose, for a small nominal fee, any information that they hold on you. They can also be required to delete it in some circumstances. Given that this act is an implementation of European legislation, I'd be surprised if this isn't the case in most of the EU.

Re:From TFA

[xtracto]

No, they are the safeguards of OUR privacy. If you live in a degenerate country and your government care more about corporations than taxpayers, then you are screwed (you are welcomed to move to Europe... that is what I did :))

Re:From TFA

[zoney_ie]

Going to be a lot if it is for each (individual) infringement. I imagine Facebook saves the email address, name, and sets up some kind of invisible profile with "guessed" friends etc. for each non-member that someone on facebook sends a join request to. That's a lot of people. Also it may even apply to those who later joined (a *LOT* more people).

I am not on facebook and regularly get their creepy emails that say "Hello 'Real Name', 'A Friend' wants you to join" and "You may know these people on Facebook: ".

It cannot come soon enough if they are prosecuted in Germany and I am reasonably sure what they are doing is illegal in other European countries, if not further afield also.

Re:From TFA

[agnosticnixie]

The corporations bankrolled both world wars and the rise of fascism.

Re:From TFA

[bickerdyke]

At least according to our history textbooks, the increasing poverty after the great depression, the very failure of corporations, was a big factor in the rise of fascism. Lots of poor people willing to support anyone for empty promises.

Look at how Saddam or AlQuaida buy the support of the local population by building a few schools and hospitals. If you have the chance to get your kids pneumonia treated in a hospital, you probably wouldn't care much about civil liberties.

Re:From TFA

[Hognoxious]

They can also be required to delete it in some circumstances.

Unless they're the police.

Re:From TFA

[drinkypoo]

At least according to our history textbooks, the increasing poverty after the great depression, the very failure of corporations, was a big factor in the rise of fascism. Lots of poor people willing to support anyone for empty promises.

I view it somewhat differently. The failure was dependence on the corporatism model. When a corporation breaks up the assets are divided between the creditors. When a co-op breaks up the assets are divided between the employees. Working for a corporation is a poor way to plan for your future.

Look at how Saddam or AlQuaida buy the support of the local population by building a few schools and hospitals. If you have the chance to get your kids pneumonia treated in a hospital, you probably wouldn't care much about civil liberties.

Just another reason why national health is important, of course. People who will go to work for BP because they're trying to support their family with medical care and whatnot.

strictest data privacy law

[kubitus]

rightly so!

-

and the Chaos Computer Club - and now also the Pirate Party.

and a constitutional court rejecting data-storage laws.

-

if you are not paranoid these days - then you are insane!

Strictest Privacy Laws (TM)

Some of the strictest privacy laws in the world, and for a reason. We've had a couple major incidents where ISPs (cough, Telekom) sold customer addresses, phone and mobile numbers to third parties for advertising, for example. I'm glad they're taking this seriously and hope that remark was meant as a praise.

Re:Strictest Privacy Laws (TM)

[bickerdyke]

for a good measure of it, probably yes.

OTOH, the allies were resonable enough to turn a a large enough blind eye to all the small fish. Prosecuting each and every "nazi" would have been a bit out of proportion, as almost everyone was forced into the military, or the party or some party organization. "Von der Wiege bis zur Bahre". It was a goal to get everyone into those organizations. So if they had try to lock up each party "member", 80% of the population would have ended up in prison.

And the other half of those privacy concerns comes from the exact opposite: The fear of the possibility of having a group singled out again, based on some stored data.

But we were too concerned with beeing afraid of state-run data-mining, that we didn't notice the big companies doing it already. Only over the last few years (GP mentione the Telekom affair) this is swinging back.

Re:Strictest Privacy Laws (TM)

[helix2301]

I agree the fine is small but I have a feeling this is going to be a bigger and bigger problem for Facebook as they branch out and expand across the globe. This is not the first time Facebook has been sued or fined over privacy issues.

Re:Strictest Privacy Laws (TM)

[Torvac]

not only that, the german registry offices are still allowed to sell your informations and they do. to banks, insurance companies, religious institutions , the gez (gestapo like org. collecting money for tv stations) etc.

Re:Strictest Privacy Laws (TM)

[Jedi+Alec]

It's a shot across the bow...in a "comply or else" sense.

You start off with 10k, and in case of non-compliance you make it 100k, and then 1M. At some point someone will figure out the formula and reckon that the next one might actually hurt.

the War on Privacy continues..

Yeah... and Facebook recently inked a big money deal with Activision-Blizzard, and now the latter has pushed out RealID into WoW, and they just announced that for SC2, and in a few months also for WoW, all forum posts in the official forums are going to have players' real names (first and last name) attached to them. That thread has over 35,000 posts in it already in it from irate WoW players, many of them (including myself) have already cancelled their accounts.

Oh, but Blizzard's own forum moderators won't have THEIR names revealed, because they "cannot risk having their personal lives compromised by in-game issues". But they have no problem selling out their own customers.

Its been a long time since I saw such a dickwad move by an MMO company. This rivals Star Wars Galaxies NGE in terms of betrayal of the player-base by Blizzard.

Re:the War on Privacy continues..

[Corbets]

Its been a long time since I saw such a dickwad move by an MMO company. This rivals Star Wars Galaxies NGE in terms of betrayal of the player-base by Blizzard.

On the plus side, it's likely to result in fewer "dick-waddings" in forum posts. ;)

Re:the War on Privacy continues..

[prionic6]

I don't understand the reasoning here... If you pirate it, you can't post on the Blizzard forums anyway. If you buy the game, you can, but only with your real name. So just don't use their forum system...

Re:the War on Privacy continues..

[TheRaven64]

If you disagree with a company's policies, it's a good reason not to buy their product. Deciding to pirate it, on the other hand, shows just how little your principles are worth to you - less than the entertainment afforded by a computer game, apparently.

Considering the data-collection craze...

[Opportunist]

When you think how eager the German government is to collect, filter, file and dissect data passing through the internet pipes, the whole deal feels a bit hollow and like a publicity stunt more than actual concern of their citizens private information. I'd prefer Google and Facebook doing it. I can still NOT give them my data if I so please. It's a bit harder with a Government that badgers ISPs to install sniffing bridges for something not much different from a (warrantless) wire tapping.

Or they just want to eliminate any competition in the field of selling German people's private data, dunno...

Re:Considering the data-collection craze...

[robot+marvin]

the last email from facebook I received had following footer " This message was intended for z.yx@xyz.xz. If you do not wish to receive this type of email from Facebook in the future, please click here to unsubscribe. Facebook, Inc. P.O. Box 10005, Palo Alto, CA 94303 " I do not have an account but I can unsubscribe to NOT receive such emails ! where is the choice - there is no choice they just store data from people who never or have not anymore an account with them. sorry they are not to be trusted and any legal action which tries to rectify things is more then appreciated.

Re:Considering the data-collection craze...

[S.O.B.]

When you think how eager the German government is to collect, filter, file and dissect data passing through the internet pipes, the whole deal feels a bit hollow

Citation please.

Re:Considering the data-collection craze...

[houghi]

The fact that the government does something wrong does not make it right for companies to do it. The excuse "But he did it first" is pretty much kindergarten-policy to me.

So I do like what that government is doing against Google and Facebook and I don't like what it does itself. I am not rooting for or against companies/governments. I root for privacy.

Re:Considering the data-collection craze...

[bickerdyke]

http://yro.slashdot.org/story/10/03/02/1254212/German-Data-Retention-Law-Ruled-Unconstitutional?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+(Slashdot)&utm_content=Google+Reader

Yes, it has been stopped, for now. But not by the gouvernment but by the constitutional court. Politics already trying to modify it just enough to be not in violation of the constitution.

more of that story would be available in german.

Re:Considering the data-collection craze...

[TheEyes]

Besides, if tax dodgers respond to crackdowns by leaving the country, well, good riddance. One way to get rid of a leech is to get rid of them, so at least they're not siphoning state resources away from everyone else. Let them leech off another government instead, if they can (let's see you get better services from a bankrupt government like Greece, where large portions of the populace refuse to pay taxes).

Re:Considering the data-collection craze...

[Eivind+Eklund]

It's about other people giving them your data.

As far as I understood from the article, the main thing was about emails taken from previous contact attempts (address books) and used for spamming.

Re:Considering the data-collection craze...

[ultranova]

Why should you surrender over 50% of your income to a faceless state?

Why would having a "face" matter? The money goes to upkeep roads, law, and civilization in general.

In most society there usually is a silent agreement between the state and the intelligent/smart/fortunate ones in order to allow the latter to indulge themselves. IMHO "Peitschen" Peer showed arrogant disregard which didn't do Germany any favours. Naive and full of himself.

So basically, you are accusing Peer of demanding that the self-declared aristocracy be bound by the same laws as everyone else? And you have the never of accusing him of being full if himself?

And no, in "mos societies" there is no such agreement. Corruption is generally frowned upon.

Re:Considering the data-collection craze...

[ultranova]

That is the line sold to the people, but it's wrong. A government is an organization to consolidate and maintain power. Look at ancient Rome, it had millions of slaves, it had near constant wars, it had public torture and execution. But we regard it historically as a great civilization.

Historically, it was. The key word here is "ancient": Rome was a good place for its time. We nowadays consider Hammurabi's Law - "an eye for an eye, and a tooth for a tooth" - to be horribly barbaric; but it's actually advocating the forward-thinking, touchy-feely position that the punishment should be proportional to the crime, rather than whatever the victim's anger drives him to inflict. It's asking for people to become better, just as all those things in the Old Testament people nowadays like to quote as evidence of abrahamic religions being horrible do; and we have become better, which is why the earlier worst acceptable behaviour now seems barbaric. I can only hope that our descendants a thousand years from now will consider us to be barbaric.

The government should serve the people. Hold it to that standard, don't let it just pay lip service to it. Demand that it serve you. The government sold you a line? Okay, hold it to it, don't be satisfied with anything less. Modern governments are better than Roman dictators or Kings of Divine Right, but only because people demanded that they be better. Don't let them or us slip back, make them ever better. Keep the progress going, and maybe - just maybe - we'll someday conquer the stars.

Germany

[pinky99]

I find it funny: This is the a case of the data protection office of Hamburg, a city/federal state in Germany, not Germany. If a city in the US is preparing a case, would the title also be "US takes legal steps"?

good!

[StripedCow]

It really strikes me as odd that such generic information as for example Facebook and Twitter are storing is kept by private companies. I mean, imagine that e-mail had been invented by Twitter, then all e-mail addresses would have been ending in "@twitter.com" and we would all rely on a private company that would have had insight into all our communications. How long would it have taken us to conclude that such a situation is absurd? Five years? Ten years? Forever?

Of course, someone should be running the servers, but a federated approach would be much better.

Although probably nobody at the upper layers of the German government realizes this, these legal steps of Germany at least raise attention on the importance of privacy.

Re:good!

[TheRaven64]

Maybe you should look a bit more at the history of email. That's exactly the same situation that we had up until the early '90s. There were lots of bulletin board systems (BBSs) and online service providers (OSPs) that you could dial into with a modem. You'd send emails to other users of the same service by uploading it to their servers and having someone else dial in and collect it later. Very few of these were federated, so you'd have a lot of different email addresses. A few BBSs used something like UUCP for dialing in to each other and forwarding emails, but it was by no means universal.

Then people started connecting to the Internet, and a lot of OSPs (e.g. AOL and Compuserve) tried to become ISPs as well, maintaining their walled garden and also giving access to the Internet. To make things more attractive to their customers, they allowed their internal email addresses to function as Internet email addresses too. You could use 12345 to send a Compuserve email to CompuServe user 12345, but 12345@compuserve.com also worked as an Internet email address.

Over time, people stopped bothering with the purely internal email addresses. We've seen this happen with postal mail, with telephones, with email, and with IM, but now people once again buying in to the walled garden approach for social networking. There's a saying or something about people not studying history...

Re:good!

[betterunixthanunix]

I mean, imagine that e-mail had been invented by Twitter, then all e-mail addresses would have been ending in "@twitter.com" and we would all rely on a private company that would have had insight into all our communications. How long would it have taken us to conclude that such a situation is absurd? Five years? Ten years? Forever?

That depends on who you mean by "us." There was once a time where email was confined to a single computer system; people realized that it would be nice to exchange email messages with users of other systems, and so they devised ways to get their computers to interoperate. These days, though, things are very different: Twitter and Facebook do not exist for the purpose of serving their users, they exist to turn ever higher profits, and interoperability would be detrimental to that. The user mindset is also different; instead of asking, "Why can't Facebook interoperate with Myspace?" they instead think, "I have friends who are not Facebook users, I will encourage them to join."

Germany SWIFT banking data

Germany should take SWIFT to court over the handing over of banking data. I know you think that this is old history, but it isn't. TODAY the EU Parliament will vote in favour of letting the USA have full access to SWIFT's bank data under the guise of anti-terrorism.

The only safeguard is a 'supervisor' from the EU.

But what the EU Parliament is doing is not legal, they cannot overrule national bank privacy laws, and thus cannot prevent Germany taking SWIFT to court over handing German data over to the US. Likewise in some places it is a criminal offense to hand over that data, and those countries can seek arrest of SWIFT, even if EU says they're fine with it.

Of course the USA rejected calls for Europe to see US bank data, and SWIFT continues to claim it is too big a task to filter their 15 million transactions a day.... right..... only 15 million transactions a day is too big an amount of data to filter...

Admirable privacy laws

[anorlunda]

I lived in Sweden in the 80s. Sweden's privacy laws are a bit like Germany's.

The most important thing they did was to require any computer owner to get a license from the government to store personal data. To get the license, they had to lay out what data and what the reasons were for storing it.

Effectively, the law prohibited all personal data applications (and storage) except those that are permitted. In the USA, everything is permitted except that which is prohibited.

I think they finally backed off enough to allow PC owners to keep an address book for personal use without a license, but it was still very strict.

In reality, I would probably hate it if the US government tried the same law. It is so inept that the waiting time for licenses would be years and would require the aid of expensive lawyers. Still, I admire what Sweden was able to accomplish. The giant corporation that I worked for over there thought long and hard before putting customer data in a database.

Re:Admirable privacy laws

[Dr.+Hok]

That's fairly crazy to me. If it's legal to keep and store data in paper records without a license, I see no reason why a computer should be treated differently - it's just a more efficient way of doing the same thing.

There is a big difference. You said it yourself: Efficiency is the answer. As an example, consider a criminal who looks for potential victims to blackmail. Let's say he has access to huge unrelated data sets about people who work in high government positions or have access to lots of money, who have an alcohol problem, or a money problem, or little children, or a police record of certain nasty habits.

It would take forever to correlate these data sets if they were on paper. OTOH, in a computer DB it'd take you a few lines of SQL and a few seconds to find your victims. Of course, this example is totally made up, but you might be able to map it to a more realistic scenario.

Re:Admirable privacy laws

[xaxa]

That's fairly crazy to me. If it's legal to keep and store data in paper records without a license

It isn't in the UK -- the laws apply equally to both paper and electronic records. "Data" as covered by the Data Protection Act includes "information which is being processed by means of equipment operating automatically in response to instructions given for that purpose," (i.e. a computer), and "any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible". See here

I don't know about Sweden, but in the UK there are specific exemptions for individuals holding personal data like an address book.
"The most comprehensive exemption applies when personal data is processed by a data controller who is an individual (not an organisation) only for the purposes of their personal, family or household affairs.

Example
An individual keeps a database of their friends’ and relatives’ names, addresses and dates of birth on their PC. They use the database for keeping track of birthdays and to produce address labels for Christmas cards. The domestic purposes exemption applies to this type of processing.

Example
An individual records the highlights of their summer holiday on a digital camcorder. The recording includes images of people they meet on holiday. Although those digital images are personal data, the domestic purposes exemption applies.

None of the data protection principles apply in these circumstances, nor do any of the rights which the Act gives to data subjects. There is also no need to notify the ICO about processing for these purposes.

So there is an almost total exemption from the Data Protection Act for individuals who just use personal data for their own domestic and recreational purposes. However, the Act still applies to the extent that the ICO may investigate if someone seems to have gone beyond the scope of the exemption, and we may take enforcement action where necessary."

Related news

[gencha]

What I find the most fascinating about this, is that Facebook read the address book out of people's iPhone to find new friends for them online. And the collected data is permanently stored. German article: http://www.spiegel.de/netzwelt/web/0,1518,697733,00.html I don't know if this is the issue described in TFA as the site seems slashdotted.

Re:Related news

[drinkypoo]

What I find the most fascinating about this, is that Facebook read the address book out of people's iPhone to find new friends for them online. And the collected data is permanently stored

Facebook will do the same with gmail, but presumably will not read either without your permission. What I find most fascinating is that the german website you sent us to attempts to set three cookies on my PC. Why does it need three? I haven't identified myself to the website, why does it need any?

I would read your article but google translate cannot translate it. Please post an english article, as this is an english-speaking site, or post a translation. I wouldn't post a bunch of links to english papers on Krautdot.

Only if they stop

[aepervius]

If they continue breaking privacy law, the fine will continue, and increase.

Re:Only if they stop

[MeNeXT]

What gives Germany jurisdiction, anyway? Could FaceBook just move a few of their servers?

Holding information on it's citizens, that's what gives Germany jurisdiction.

Re:Only if they stop

[Doctor+Faustus]

Holding information on it's citizens, that's what gives Germany jurisdiction.

That's why Germany cares. It doesn't give FaceBook a reason to care what Germany thinks.

Re:Only if they stop

[ivucica]

I'll blow my mod points for this: Facebook is permitted not to pay, but Germany is also permitted to ... let's say it like this, not expose its citizens to dangers of Facebook. If they broke the law in Germany, their services can be expelled from Germany, with easiest thing already disconnecting millions of users in Germany from Facebook: "Hey, mr. DNS Person from the ISP, please point www.facebook.com to this IP... kthxbye"

Re:Only if they stop

[Bing+Tsher+E]

What is to stop a German who wants to use FB from using OpenDNS?

We're talking about someone who wants to use FB. How would they ever figure out how to use OpenDNS?

Re: Prosecuting each and every...

[TaoPhoenix]

PseudoQuote: "Unfortunately, the RIAA's Allies were not reasonable enough to turn a blind eye to all the small fish and tried to prosecute each and every copyright infringer, despite being out of proportion. It was a goal to get everyone."

(Can I claim the copyright on Reverse-Godwin, the art of taking threads about Nazis and steering them into MAFIAA discussions?)