German authorities take Facebook to court over Irish privacy protection laws (or lack thereof) & lose
Irish law, and Facebook’s “sophisticated” European set-up of subsidiaries is preventing German data protection agencies from assuring its citizens’ privacy. Or so says Germany’s main data protection agency.
Germany’s Independent Centre for Privacy Protection in Schleswig-Holstein (UDL) was in court today with Facebook, hoping to force the site to allow its users to operate their accounts under pseudonyms or pen names (such as Twitter handles).
Under German law web users have the right to sign up and use websites anonymously, and under false names. The aim of the law is to promote free expression and criticism online.
Back in December the UDL issued Facebook with a writ demanding that it immediately allow users to operate their Facebook profiles under false names. Facebook appealed the demand, saying that since all the site’s European, Middle East, and African data is processed in its head offices in Ireland, this German law did not apply.
No similar privacy law exists in Ireland.
The case came to the German courts in February this year and Facebook won. The company was successful in arguing that it was subject to Irish, not German, data processing laws.
UDL’s Dr. Thilo Weichert launched an appeal, which came to court on Monday. Again the court found that Irish law took precedent over German law.
Dr Weichert said that he was disappointed by the ruling and worried for users’ privacy. He added that he was concerned that strict German privacy laws, designed to protect German web users and companies, has been undermined by Facebook.
Likening the practice to the use of tax havens, Dr Weichert said that there must be a European standard for data protection, so users aren’t endangered by states that lack “effective privacy controls.”