The Administrative Court of Schleswig (Verwaltungsgericht Schleswig) held today in three parallel decisions that companies that run their own fanpages on Facebook are not responsible for the social network’s data collection and processing under German data protection law.
In November 2011 the Independent State Center for Data Protection (in German: Unabhängiges Landeszentrum für Datenschutz or ULD) of the German state Schleswig-Holstein had demanded from various companies that they shut down their Facebook pages and threatened to fine them with a penalty of up to 50.000 €. The ULD claimed that via those pages Facebook collected the users’ personal data in breach with German data protection law.
Three of the attacked Schleswig-Holstein based companies sued against the ULD and the Center’s chief data protection officer before the Administrative Court of Schleswig (Court’s references: 8 A 218/11, 8 A 14/12, 8 A 37/12). The court decided in favor of the companies and against their responsibility for the collected data. In brief, the court reasoned that only Facebook as the platform itself was responsible for the data collection and data processing in connection with the fanpages on which the single operators of the company pages had no influence.
Because of its relevance for the growingly important social media marketing and the fact that similar issues are likely to occur on other platforms like Google+ or Twitter receives a lot of attention in the media. Commentators rarely omit to mention that this was not the first defeat suffered by ULD’s chief data protector Thilo Weichert in his struggle against Facebook, see also our previous blog post of May 2013.
The court, however, decided that the verdict was appealable so there might be a next round to this. One of the successful claimants was represented by JBB Rechtsanwälte so we will be reporting on this.