Facebook’s default privacy settings and use of personal data are against German consumer law, according to a judgement handed down by a Berlin regional court.
The court found that Facebook collects and uses personal data without providing enough information to its members for them to render meaningful consent. The federation of German consumer organisations (VZBV), which brought the suit, argued that Facebook opted users in to features which it should not have.
Heiko Duenkel, litigation policy officer at the VZBV, said: “Facebook hides default settings that are not privacy friendly in its privacy centre and does not provide sufficient information about it when users register. This does not meet the requirement for informed consent.”
In a statement, VZBV elaborated on some of its issues: “In the Facebook app for smartphones, for example, a location service was pre-activated that reveals a user’s location to people they are chatting to.
“In the privacy settings, ticks were already placed in boxes that allowed search engines to link to the user’s timeline. This meant that anyone could quickly and easily find personal Facebook profiles.”
The Berlin court agreed with VZBV that the five default settings the group had complained about were invalid as declarations of consent. The German language judgment was handed down in mid-January, but only publicly revealed on Monday.
The court also ruled eight clauses in Facebook’s terms of service to be invalid, including terms that allow Facebook to transmit data to the US and use personal data for commercial purposes. The company’s “authentic name” policy – a revision of a rule that once required users to use their “real names” on the site, but which now allows them to use any names they are widely known by – was also ruled unlawful.
In a statement, Facebook said it would appeal, adding: “We are working hard to ensure that our guidelines are clear and easy to understand, and that the services offered by Facebook are in full accordance with the law.”
A week after the Berlin court ruled against Facebook, the social network promised to radically overhaul its privacy settings, saying the work would prepare it for the introduction in Europe of the General Data Protection Regulation (GDPR), a sweeping set of laws governing data use across the EU.
Sheryl Sandberg, Facebook’s chief operating officer, announced the changes, saying they would “put the core privacy settings for Facebook in one place and make it much easier for people to manage their data”.