Facebook sued over App Center data sharing in Germany
Facebook should ask users' explicit consent before sharing their data with third parties, German consumer organizations say
IDG News Service - German consumer organizations are suing Facebook because the social network keeps sharing personal data with third-party app makers without getting explicit consent from users.
Third party apps often want access to a users' chat as well as information about friends, personal contact information and the ability to post on a user's Facebook wall. But instead of asking users for permission, the apps available through Facebook's App Center just grant themselves access to the data, the Federation of German Consumer Organizations (VZBV), said on Thursday.
Consent for such comprehensive data forwarding to the app provider was never provided by the user, the VZBV said. "Reason enough for the federation to start a new lawsuit against Facebook Ireland at the regional court in Berlin," it said. Facebook Ireland is responsible for all Facebook's activities outside of the U.S. and Canada.
The social network's data protection practices worsened instead of improved when App Center was introduced in July, VZBV said.
In the past, Facebook asked for user consent by showing a pop-up window that warned data was shared with third-parties, and a user had the choice to click on allow or not allow. But when the App Center was introduced that changed, said Michaela Zinke, policy officer at the VZBV. "I'm very confused why Facebook changed it," she said, adding that before Facebook complied with German law and now doesn't anymore.
The VZBV warned Facebook in August to change its App Center privacy practices, threatening legal action if it did not do so, a warning that appears to have been in vain.
"Behind Facebook is a brutal business model," the VZBV wrote. While the use of the platform is free, Facebook isn't a charitable institution but instead lets people pay for the use of the platform with their own data, the organization said. That personal data is combined and used to make comprehensive user profiles that are used for targeted advertising, it added.
"Particularly problematic is the fact that not only Facebook but also the app providers are accessing the data. This is exactly what many users do not realize," the consumer organizations said. Especially children don't realize their data is shared with third parties when they tap on "play this game", the VZBV said.
Facebook does show a limited list in small light gray text that describes access that will be granted to an app provider when the user decides to download an app, suggesting that the sharing of this data is allowed, the VZBV said. However, sharing data with third-parties is only allowed under German law after an explicit and informed consent of the user, it said. Facebook's App Center therefore clearly violates telecom and competition laws, it added.
Facebook thinks its practice is transparent enough and is "surprised and disappointed that VZBV feels it is a good use of their time and public funds to take legal action over minor details of how we provide this transparency and choice," a spokeswoman said in an email. "We are confident that consumers in Germany face much more serious issues than the size of fonts and the arrangement of particular words on our website," she added.
The social network has been under renewed data protection scrutiny in Germany and other European countries lately. Earlier this week for example privacy campaign group Europe vs. Facebook threatened to take the Irish Data Protection Commissioner to court if it is not satisfied with the DPC's final responses to its complaints about Facebook's privacy policies.
The group made the threat because it thinks the DPC did not act in the best interests of users when it audited the social network's privacy policies. While Facebook went beyond the recommendations by deciding to deleteA all facial recognition data it had stored about its E.U. users, Europe vs. Facebook thinks there is more that can be done to protect users' privacy better.
VZBV expects the first hearing in the case to take place in Summer 2013.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org
- Social Media in Technology: A Unified Strategy for Success Find out how social media is sparking a new era of customer and industry-understanding in technology enterprises and how industry leaders are overcoming...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Social Media White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!