Facebook Personal Data Use & Privacy Settings Ruled Illegal

Uploaded on 2018-02-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law, TECHNOLOGY-Key Areas-Social Media

Facebook’s default privacy settings and use of personal data are against German consumer law, according to a judgement handed down by a Berlin regional court.

The court found that Facebook collects and uses personal data without providing enough information to its members for them to render meaningful consent. The federation of German consumer organisations (VZBV), which brought the suit, argued that Facebook opted users in to features which it should not have.

Heiko Duenkel, litigation policy officer at the VZBV, said: “Facebook hides default settings that are not privacy friendly in its privacy centre and does not provide sufficient information about it when users register. This does not meet the requirement for informed consent.” 

In a statement, VZBV elaborated on some of its issues: “In the Facebook app for smartphones, for example, a location service was pre-activated that reveals a user’s location to people they are chatting to.

“In the privacy settings, ticks were already placed in boxes that allowed search engines to link to the user’s timeline. This meant that anyone could quickly and easily find personal Facebook profiles.” 

The Berlin court agreed with VZBV that the five default settings the group had complained about were invalid as declarations of consent. The German language judgment was handed down in mid-January, but only publicly revealed on last week. The court also ruled eight clauses in Facebook’s terms of service to be invalid, including terms that allow Facebook to transmit data to the US and use personal data for commercial purposes. 

The company’s “authentic name” policy, a revision of a rule that once required users to use their “real names” on the site, but which now allows them to use any names they are widely known by, was also ruled unlawful.

In a statement, Facebook said it would appeal, adding: “We are working hard to ensure that our guidelines are clear and easy to understand, and that the services offered by Facebook are in full accordance with the law.” 

A week after the Berlin court ruled against Facebook, the social network promised to radically overhaul its privacy settings, saying the work would prepare it for the introduction in Europe of the General Data Protection Regulation (GDPR), a sweeping set of laws governing data use across the EU. 

Sheryl Sandberg, Facebook’s chief operating officer, announced the changes, saying they would “put the core privacy settings for Facebook in one place and make it much easier for people to manage their data”.

Facebook has faced repeated attacks from European regulators, particularly those in Germany, over issues ranging from perceived anti-competitive practices to alleged misuse of customer data.

Since March 2016, the company has been investigated by the German Federal Cartel Office over allegations it breaches data protection law in order to support an unfair monopoly. 

In an interim update in December last year, the office said that it objected to the way Facebook gains access to third-party data when an account is opened.  This includes transferring information from its own WhatsApp and Instagram products, as well as how it tracks which sites its users access. 

Guardian

You  might Also Read: 

Facebook Enables 'Fake News':

Germany Gets Tough On Social Media:

 

 

 

 

« Bitcoin Energy Use In Iceland Soars
What Does The US Air Force Want From AI? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Leonardo

Leonardo

Leonardo (formerly Finmeccanica) is a global high-tech company in Aerospace, Defence, Security & Information Systems including Cybersecurity & ICT solutions.

360Logica

360Logica

360Logica is a software testing company offering numerous kinds of testing services to improve the quality and performance of your software and IT systems.

Indium Software

Indium Software

Indium Software is an Independent Software Testing Company offering software testing services (including security testing) and offshore Quality Assurance solutions.

Engineering Group

Engineering Group

Engineering is the Digital Transformation Company, a leader in Italy and with over 80 offices across Europe, the United States, and South America.

Secure Innovations

Secure Innovations

Secure Innovations is a cybersecurity firm dedicated to providing top-tier cyber security solutions for the Defense and the Intelligence Community.

National Cybersecurity Hub - South Africa

National Cybersecurity Hub - South Africa

The mission of the National Cybersecurity Hub is to be the central point of collaboration for cybersecurity incidents in South Africa.

OutThink

OutThink

OutThink is a web-based platform (SaaS) that has been developed specifically to identify and reduce risky workforce behaviours and build a risk aware culture.

24By7Security

24By7Security

24By7Security are Cybersecurity & Compliance Specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

iSecurity Consulting

iSecurity Consulting

iSecurity delivers a complete lifecycle of digital protection services across the globe for public and private sector clients.

eXate

eXate

eXate provides pioneering technology that empowers organisations to protect, control and manage their sensitive data centrally, providing a complete data privacy solution.

VIRTIS

VIRTIS

VIRTIS' mission is to provide today's leading organizations peace of mind that their entire digital network perimeter is safe from hackers and data breach.

Enzen

Enzen

Enzen is a global knowledge practice that provides consulting, technology, engineering, operating and innovation services to the energy and utility sectors.

Hexens

Hexens

Hexens introduces a whole new approach to cybersecurity solutions. Indisputable skills and a unique super-focused perspective on every single case are the values we create.

FluidOne

FluidOne

FluidOne are an award-winning Connected Cloud Solutions provider. We design tailored solutions to help customers and partners digitally transform their IT and communications.

iomart Group

iomart Group

iomart is a cloud computing and IT managed services business providing secure hybrid cloud, network connectivity, data management, and digital workplace capability.

Sword Group

Sword Group

Sword is a leader in data insights, digital transformation and technology services with a substantial reputation in complex IT, business projects and mission critical operations.