Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Court Rejects Apple's Privacy Policy

Posted by Soulskill on from the privacy-policies-need-more-than-one-button dept.

redletterdave writes "A German court rejected eight out of 15 provisions in Apple's general privacy policy and terms of data use on Tuesday, claiming that the practices of the Cupertino, Calif. company deviate too much from German laws (Google translation of German original). According to German law, recognized consumer groups can sue companies over illegal terms and conditions. Apple asks for 'global consent' to use customer data on its website, but German law insists that clients know specific details about what their data will be used for and why."

26 of 124 comments (clear)

  1. To be fair by Vombatus · · Score: 4, Insightful

    It must be hard to ensure that every jurisdiction on earth will be happy with everything that you do

    --
    This sig is intentionally blank
    1. Re:To be fair by gl4ss · · Score: 3, Insightful

      It must be hard to ensure that every jurisdiction on earth will be happy with everything that you do

      it's not that hard. just go by the german definition.

      --
      world was created 5 seconds before this post as it is.
    2. Re:To be fair by AuMatar · · Score: 4, Insightful

      You don't have to- you only have to make sure its legal in the countries you sell it in. Germans aren't suing because of Apple violating their law in America, they're suing them for violating it in Germany. If you aren't willing to abide by the laws, then don't sell in that country.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    3. Re:To be fair by Stolpskott · · Score: 4, Insightful

      it's not that hard. just go by the german definition.

      But that means that leaving your towel on a sun lounger before breakfast to reserve that sun lounger for your sole use is perfectly acceptable!

      As with any other internationalized business, though... either you tailor your offering to match the requirements or lack thereof of local laws in each case, or you put together a "one size fits all" policy that incorporates the strictest interpretation of each element of local legislation in individual countries.
      Apple and other international businesses might complain about the complexity of either approach, but that is part of the cost of doing business in an international environment. Suck it up.

    4. Re:To be fair by PolygamousRanchKid+ · · Score: 2

      As with any other internationalized business, though... either you tailor your offering to match the requirements or lack thereof of local laws in each case, or you put together a "one size fits all" policy that incorporates the strictest interpretation of each element of local legislation in individual countries.

      Yes, web sites need to be careful what they show in different countries. For example, a photo in the "Victoria's Secretions" catalog might be harmless in Europe, but get your balls amputated in a Muslim Brotherhood 'hood.

      I noticed that WebSphere Portal Server actually has some configuration stuff, so that you can block pages for specific areas.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    5. Re:To be fair by gnasher719 · · Score: 4, Informative

      You don't have to- you only have to make sure its legal in the countries you sell it in. Germans aren't suing because of Apple violating their law in America, they're suing them for violating it in Germany. If you aren't willing to abide by the laws, then don't sell in that country.

      Germans are not actually suing. They don't need to sue. Parts of Apple's policy have been declared invalid, which means that legally these parts don't exist.

    6. Re:To be fair by hydrofix · · Score: 5, Insightful

      Err.. The European privacy laws are pretty much common sense. Just consider that people have the right to know what personal information is stored of them. If you are open about what information you collect, you should have no problem. But if you want to obscure what information you collect or collect more information than you openly admit, you are going to have a bad time.

    7. Re:To be fair by Sockatume · · Score: 5, Insightful

      Given that the invalidated parts give Apple permission to do certain things with the data, Apple now has to stop doing those things, or it will be open to legal action.

      --
      No kidding!!! What do you say at this point?
    8. Re:To be fair by moronoxyd · · Score: 2

      And, it costs money to have privacy policies updated and policed so they are legal in multiple markets

      You know what I fear?
      That Apple does just what you describe: Change the words of their privacy policies, but don't actually change the processes used to handle data.

    9. Re:To be fair by gnasher719 · · Score: 4, Informative

      You know what I fear?
      That Apple does just what you describe: Change the words of their privacy policies, but don't actually change the processes used to handle data.

      But the _words_ of their privacy policy _is_ what was wrong. Nobody in Germany requested Apple to change its policies; they requested that Apple lists precisely what they do so that customers can make an educated decision whether to agree or not.

    10. Re:To be fair by soccerisgod · · Score: 4, Insightful

      Strawman. You're not responsible for what happens with the data in transit to you, but you are responsible for a) what data you take from your customer (via app on the phone, for instance, reading out the phonebook) and you are responsible for what you do with the data once it has arrived at your end.

      Actually, that's wrong. If you are sending the data from your application on the user's device to yourself, you're also responsible for what happens in transit: You could easily crypt the information.

      --
      If a train station is a place where a train stops, what's a workstation?
    11. Re:To be fair by moronoxyd · · Score: 2

      No. They expect Apple to follow the law.
      The law does not only talk about the wording of your privacy policies, but your actual conduct.

    12. Re:To be fair by AmiMoJo · · Score: 4, Informative

      If you or your system is sending me personal information, then you can assume it's been stored somewhere, multiple times, and will be used for whatever purpose forever, and can't be deleted.

      The EU and most member states have strict laws forbidding that. You have to justify storing any personal data, there are limits on what you can do with it, you can't keep it forever and must delete it under certain circumstances.

      If it gets transmitted in the clear, consider it stored and used for ANY purpose.

      In both the EU and US that would render the intermediate nodes routing the traffic liable for its content. In order to avoid liability they must not use the data in any way, merely pass it along.

      It would be like sending a message on a post card then getting mad that people can see what you wrote, copy it, and do whatever they want with the copy.

      It is actually illegal to open sealed envelopes not addressed to yourself here. That's why most banks don't send statements on the back of a postcard.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    13. Re:To be fair by AliasMarlowe · · Score: 2

      a photo in the "Victoria's Secretions" catalog

      Those photos sound wilder than the ones in the "Victoria's Secrets" catalog...

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    14. Re: To be fair by yacc143 · · Score: 2

      Well, the problem is that European privacy guidelines are a completely foreign concept to US data collection practices.

      Ok, let's detour slightly: A typical US american has a couple of "fundamental rights", and the moment someone threatens them, get up in arms. E.g. most jurisdictions have at least a little weaker Freedom of Speech rights. Now Germany considers Privacy (and a number of related concepts releveant to IT) a fundamental Human right. As in, your data is yours. And by default companies (and even the public administration) are required to do their business by recording the minimal amount of data possible. And as long a company has no business relationship with you, they ought to record NOTHING that can be traced back to you.

      Now how's that relevant? I mean Germany is just but one country. Well, the EU legal framework around Privacy usually trails the German concepts by one iteration. (The EU usually uses laws that need to be enacted into local law by local member countries, and they usually define only the framework).

      The next interesting tidbit is that German courts have been usually in the fore when it comes to protecting privacy, so Apple should not hope to appeal this away, the higher Courts are usually even more stringent on privacy and citizen rights.

      Last but not least, Germany has a curious legal setup, including a number of constitutional provisions that are eternal, as in they cannot be ammended away, you have to go the route of replacing the whole constitution, which is practically means that the traditional "Rent-a-Politician" route works only up to a certain level, the Constitutional Court has been kicking in governmental teeth all the time.

  2. Germany and proteciton of privacy. by fazig · · Score: 3, Informative

    With organisations like the StaSi and GeStaPo in more recent German history, the protection of the individual's privacy is a serious issue in Germany.
    Now and then politicians try to create another surveillance state for example to fight "child pornography", but fortunately they haven't succeeded to enact their crazy laws so far.

    1. Re:Germany and proteciton of privacy. by Anonymous Coward · · Score: 2

      Neat defense of Google 'they're bad, but not as bad as the Stasi'

  3. Re:better idea by AuMatar · · Score: 5, Informative

    Why should it be on the people? If the company doesn't want to follow their laws, they shouldn't sell their stuff in that country. By choosing to operate in Germany, they have to follow German laws for products sold in that country. Don't like it, decide not to sell there.

    --
    I still have more fans than freaks. WTF is wrong with you people?
  4. Re:better idea by Anonymous Coward · · Score: 4, Insightful

    The injustice here isn't to Apple, it's to other potential customers. One group of people is needlessly imposing their views of privacy on another group; instead of saying "I don't like Apple's privacy terms, so I don't use them", they say "I don't like Apple's privacy terms, so I am going to prevent you from using them as well".

    Wrong. German law says that what Apple is doing is illegal, so they have to stop or they are going to be fined. And please read again what this issue is about. Apple can very well collect personal data and provide services that use them, they just have to inform customers what they are collecting and for what purpose, so the customers can make an informed decision. Their current privacy policy basically says: "We collect whatever data we want, we do whatever we want with it and reserve the right to share it with anybody". That is simply not allowed and has to change, so please enlighten us where you see any injustice.

  5. Re:better idea by Eunuchswear · · Score: 4, Insightful

    Why should it be on the people? If the company doesn't want to follow their laws, they shouldn't sell their stuff in that country.

    It should be "on the people" because some people may not have a problem with policies and may want to do business with Apple anyway.

    Absolutely. Everyone should be free to decide which bit of the law of the land they want to follow.

    I, for example, can't see why we are not allowed to burn glibertarians in the public parks.

    --
    Watch this Heartland Institute video
  6. I've got this one by smittyoneeach · · Score: 3, Funny

    And then governments get the notion to sue, which of course raises messy issues of jurisdiction, discovery, &c.
    1. So Apple pays a fine to Germany.
    2. Germany bails out Greece.
    3. Euro crisis solved. Profit!!!
    Screw you, Underpants Gnomes!

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  7. Re:better idea by moronoxyd · · Score: 3, Informative

    It should be "on the people" because some people may not have a problem with policies and may want to do business with Apple anyway.

    What's your point?
    The basis of the complaint was, that Apple is not transparent about what it does with the data collected.
    If they are transparent about it and tell the users what exactly thy are going to do with the data BEFORE any data is collected, they're basically fine.
    And then the users who are fine with can use those services.

    But Apple, like many other companies, wants to have the right to do anything without telling what they do.

    The European data protection laws lay the groundwork for users to be able to decide freely what services to use and what not.
    The basis for a free decision is INFORMATION.

  8. Re:better idea by Anonymous Coward · · Score: 4, Insightful

    You need to forgive him. He is American, and over there laws only apply to regular people. Not to companies, and especially not to the rich (and Apple is both of those).

    Companies can ignore the law all they want, and if someone disagrees, he can stop buying their product.

    The whole concept of the law applying equally to everybody is foreign to them. Not that it always work that way in Europe, but it works often enough that we are used to the concept, and don't start arguing against it when it does work.

  9. Re:better idea by Rockoon · · Score: 2

    But Apple, like many other companies, wants to have the right to do anything without telling what they do.

    Hate to be a defender of Apple, but you just took shit out of your butt and added it to the argument.

    The issue is that they arent telling what they do, not that they "want to have the right to do anything." These things are not mutual, so you don't get to argue as if they were.

    Is it really so hard to stick to the substance here? Seriously.. it isn't... you could bash apple for a week without having to pull shit out of your ass, so why are you pulling shit out of your ass? Every time you reach for your ass, you look like you've got nothing.

    --
    "His name was James Damore."
  10. Re:better idea by Anonymous Coward · · Score: 2, Insightful

    However, you fuckers need to get bent if you think it's actually possible to comply with those laws at a technical level.

    The iTunes store is very good at identifying and limiting access to country specific content, IMHO it is not a technical problem to comply to country specific terms and conditions.

  11. I've no time to check, but .... by Robert+Frazier · · Score: 3, Insightful

    It would be interesting to know whether there is anyone who holds both of the following positions.

    1. The German finding is unfair to Apple because Apple, quite reasonably, shouldn't be required to follow the law of every land in which it does business..
    2. Criticising Apple for caving in to the censorship requirements of the Chinese government is unfair to Apple because Apple, quite reasonably, should be required to follow the law of every land in which it does business.

    Best wishes,
    Bob