Data flows to the US: Why the EU Model Clauses may soon be no longer state of the art

Not long after the “Safe Harbor” decision and in the same context (data transfer to the US by Facebook) the Irish Data Protection Commissioner has decided to bring the EU-US data flows before the European Court of Justice (CJEU) (again).

Continue reading

Federal Administrative Court asks ECJ: Who is responsible for data processing on Facebook Fanpages?

With its decision from 25. Februrary 2016, the German Federal Administrative Court referred several interesting data protection questions related to the operation of a Fanpage on Facebook to the European Court of Justice (ECJ) (the whole decision can be accessed here, in German). The case number at the ECJ is C-210/16. Since there does until now not exist an English version of the reference for a preliminary ruling, you will find beneath a rough translation of some of the questions referred.
Continue reading

Facebook and the abuse of market power or the German Federal Cartel Office as data protection authority

The German Federal Cartel Office (Bundeskartellamt) has started preliminary proceedings against Facebook in early March, trying to find out if Facebook was misusing its market power to enforce abusive terms and conditions because of alleged data protection law violations. What sounds just like what antitrust authorities do, may in fact have a huge impact on Facebook and how it is behaving against its users.

Continue reading

German Regional Court: Consent necessary when implementing the Facebook Like-Button

On 9th March 2016, the Regional Court of Dusseldorf issued its ruling (pdf, German) in a proceeding between the consumer protection association of North Rhine-Westphalia and the company Fashion ID which concerned data protection issues surrounding the Facebook Like-Button.

The company had the well-known social plugin included on its website and informed website visitors about the plugin in its privacy policy, which was accessible via a link. In the privacy policy, the company informed that personal might be transmitted to Facebook and also provided a link to the privacy policy of Facebook. Below I will briefly discuss some aspects of the judgment. Continue reading

For bloggers and other content sharers: why framing of third party content does not violate third party copyright

The European Court of Justice (ECJ) has stated that framing of content (such as embedding Youtube videos or other content on blogs and other websites via link) does not violate the copyright of the author of the respective content. In particular, such framing is not considered a “making available to the public” according to the European directive on copyright in the Information Society (2001/29/EC) and section 19a of the German Copyright Act (“UrhG”). However, it can be derived from the court ruling that this applies only if the reproduction is not meant for a new audience and does not use a different reproduction technique.

Continue reading

Court Decision: Companies Allowed to run Fanpages on Facebook

The Administrative Court of Schleswig (Verwaltungsgericht Schleswig) held today in three parallel decisions that companies that run their own fanpages on Facebook are not responsible for the social network’s data collection and processing under German data protection law. Continue reading

Confiscation of Facebook Accounts in Criminal Proceedings

Social networks enjoy great popularity among online users. In Germany, more than 50 percent of all users surf on social networks on a weekly basis. In more than 50 percent the social network of choice is Facebook. But Facebook not only has the highest amount of users. They are also the most active, show the highest rate of general online activity (e.g. online shopping) and thus have the highest e-commerce-potential. Therefore, there has not been a way around Facebook for online shops for quite some time (more statistics on Facebook can be found here).

Now, there no longer seems to be a way around Facebook for state institutions, especially law enforcement agencies, neither.

Continue reading

CNIL’s Sends Second Questionnaire to Google on Google’s New Privacy Policy

Google’s new privacy policy is not that new, as it “went into force” on March 1. It is still big news in data protection terms, though, at least as far as European data protection authorities are concerned. CNIL, commissioned by the Art. 29 Working Party, has now sent a second rather comprehensive questionnaire to Google. Obviously they were not completely sold on Google’s answers to the first set of questions CNIL had sent in March. Continue reading

On Facebook Fan Pages

As you may have heard, as per the self-appointedly competent data protection authorities in Germany you may not set up and maintain a Facebook fan page, nor may you embed Facebook plugins into to your web pages (it’s true, read here, here, here, and here). If you do, you’re acting in violation of German data protection law. Continue reading

General Terms and Conditions and What That Means for Localizing Contracts to German Law

When you’re asked to localize contracts coming from a U.S. legal background so that they function under German law two very different legal worlds collide. Things just work differently over here. And things word differently over there. We draft our contracts differently, we use different language (which is why simply having a translator go over your documents just won’t cut it, much less asking uncle Google), our concept of selling and licensing software is nowhere near the “this software is licensed not sold” was of thinking, and so on and so forth. Nothing wrong with that, but it provides for some hard going sometimes.

One of the more peculiar concepts of German contract law is that of or our “Law on General Terms and Conditions” (Google Translator tells me that in English that should be “Legal terms and conditions of” which isn’t even close, so there…). In a nutshell, the idea is this: If, as a company, you work with standard contracts, i.e. a set of contractual documents that you have in your drawer all drafted to best fit your particular interests and ready to pull out for every new customer you want to do business with, the terms and conditions of those contractual documents are subject to the so-called “content control” (we Germans like control, as is well known). Continue reading