Facebook in breach of German data protection law

Following a lawsuit brought by the Federation of German Consumer Organisations (Verbraucherzentrale Bundesverband – VZBV), the court found that parts of the consent to data usage obtained by the company are invalid.

In a statement, Heiko Dünkel, litigation policy officer at VZBV, said: “Facebook hides default settings that are not privacy-friendly in its privacy centre and does not provide sufficient information about this when users register. This does not meet the requirement for informed consent.”

The court agreed with VZBV that the five default Facebook settings on Facebook that the body had complained about were invalid as declarations of consent. Facebook did not meet the requirements around consent as some default settings are pre-activated.

The court also ruled that another eight clauses in Facebook’s terms of use are invalid, including pre-formulated declarations of consent which allow the company to use the name and profile picture of users for commercial purposes and to transfer their data.

A clause obliging users to use only their real name on the website was also ruled unlawful. 

Facebook has said it plans to appeal.