German competition watchdog tells Facebook to stop combining user data without consent

Social Network will appeal – for the people of Germany

Germany's competition watchdog has imposed "far-reaching" restrictions on Facebook's data slurping and sharing – a decision that the Social Network unsurprisingly plans to appeal.

Batman. Credit: DC Comics.

Autsch! Germany slaps Facebook in its abusive little face for 'limitlessly amassing data'


The Bundeskartellamt has said the Zuckerborg must not combine user data across its platforms or collect data from third-party websites and assign it to user accounts without users' consent.

If it doesn't have this consent, Facebook "will have to substantially restrict its collection and combining of data", and was told to start developing ways to ensure this doesn't happen.

The much-anticipated ruling comes in a case the authority has been considering since 2016. In a preliminary ruling issued in 2017, it accused Facebook of abusing its market dominance to "limitlessly amass" user data.

Today's decision echoed this, stating: "The extent to which Facebook collects, merges and uses data in user accounts constitutes an abuse of a dominant position."

The probe relates not to the processing of the data Facebook collects from its own platform, but how it pulls together info from other sources. This includes its subsidiaries WhatsApp and Instagram, and third-party sources, such as the "Like" button, or when sites use Facebook's analytics services.

"By combining data from its own website, company-owned services and the analysis of third party websites, Facebook obtains very detailed profiles of its users and knows what they are doing online," said Bundeskartellamt president Andreas Mundt.

The extent to which Facebook collects, merges and uses data in user accounts constitutes an abuse of a dominant position...

The slap-down on sharing data between its platforms comes as Facebook faces other probes in Europe over how the decision to merge Messenger, Instagram and WhatsApp will affect user data, having previously pledged not to cross-pollinate such datasets.

In a statement, Mundt emphasised that data collection and use is now a "decisive factor" in competition law, and that, in Facebook's case, it was the "essential factor" for it being able to establish a dominant position.

"On the one hand there is a service provided to users free of charge," he said. "On the other hand, the attractiveness and value of the advertising spaces increase with the amount and detail of user data."

He said that users of Facebook – which has a market share of more than 95 per cent of daily active users on social media in Germany – "practically cannot switch to other social networks".

In light of this market power, the authority said that "an obligatory tick on the box to agree to the company's terms of use is not an adequate basis for such intensive data processing".

"The only choice the user has is either to accept the comprehensive combination of data or to refrain from using the social network. In such a difficult situation the user's choice cannot be referred to as voluntary consent."

The Bundeskartellamt noted that it had worked closely with European data protection authorities in its investigation, and concluded that Facebook's terms of service, and the manner and extent to which it collects and uses data are in violation of EU rules.

Overall, it said Facebook had conducted what it described as exploitative abuse. "Dominant companies may not use exploitative practices to the detriment of the opposite side of the market, ie, in this case the consumers who use Facebook," it said.

"This applies above all if the exploitative practice also impedes competitors that are not able to amass such a treasure trove of data."

Its approach was "not a new one", the authority said, as it corresponds to existing case law from the Federal Court of Justice, in which "not only excessive prices, but also inappropriate contractual terms and conditions constitute exploitative abuse".

The authority's decision is not yet binding, as Facebook has a month in which to appeal to the Düsseldorf Higher Regional Court – and the firm today said it plans to do just that, "so that people in Germany continue to benefit fully from all our services".

"The Bundeskartellamt underestimates the fierce competition we face in Germany, misinterprets our compliance with GDPR and undermines the mechanisms European law provides for ensuring consistent data protection standards across the EU," it said.

Facebook included a helpful graphic showing what it says are its competitors – including apps like OK Cupid, Airbnb, Google Maps and shopping biz Wish, as well as the more obvious social media firms like Twitter and Snapchat.

It also trotted out its usual argument that people want highly tailored content, saying "using information across services helps to make them better and protect people's safety". ®

Similar topics

Other stories you might like

  • Amazon warehouse staff granted second chance to vote for unionization

    US labor watchdog tosses previous failed result in the trash

    America's labor watchdog has given workers at Amazon’s warehouse in Bessemer, Alabama, another crack at voting for unionization after their first attempt failed earlier this year.

    “It is ordered that the election that commenced on February 8 is set aside, and a new election shall be conducted,” Lisa Henderson, regional director at the National Labor Relations Board, ruled [PDF] on Tuesday.

    “The National Labor Relations Board will conduct a second secret ballot election among the unit employees. Employees will vote whether they wish to be represented for purposes of collective bargaining by the Retail, Wholesale and Department Store Union.”

    Continue reading
  • It's the flu season – FluBot, that is: Surge of info-stealing Android malware detected

    And a bunch of bank-account-raiding trojans also identified

    FluBot, a family of Android malware, is circulating again via SMS messaging, according to authorities in Finland.

    The Nordic country's National Cyber Security Center (NCSC-FI) lately warned that scam messages written in Finnish are being sent in the hope that recipients will click the included link to a website that requests permission to install an application that's malicious.

    "The messages are written in Finnish," the NCSC-FI explained. "They are written without Scandinavian letters (å, ä and ö) and include, for example, the characters +, /, &, % and @ in illogical places in the text to make it more difficult for telecommunications operators to filter the messages. The theme of the text may be that the recipient has received a voicemail message or a message from their mobile operator."

    Continue reading
  • AsmREPL: Wing your way through x86-64 assembly language

    Assemblers unite

    Ruby developer and internet japester Aaron Patterson has published a REPL for 64-bit x86 assembly language, enabling interactive coding in the lowest-level language of all.

    REPL stands for "read-evaluate-print loop", and REPLs were first seen in Lisp development environments such as Lisp Machines. They allow incremental development: programmers can write code on the fly, entering expressions or blocks of code, having them evaluated – executed – immediately, and the results printed out. This was viable because of the way Lisp blurred the lines between interpreted and compiled languages; these days, they're a standard feature of most scripting languages.

    Patterson has previously offered ground-breaking developer productivity enhancements such as an analogue terminal bell and performance-enhancing firmware for the Stack Overflow keyboard. This only has Ctrl, C, and V keys for extra-easy copy-pasting, but Patterson's firmware removes the tedious need to hold control.

    Continue reading

Biting the hand that feeds IT © 1998–2021