German court finds Facebook oversharing user data

web_photo_Facebook_page_061216

Facebook web page

Facebook web page

FRANKFURT - A German court has found that Facebook is breaching data protection rules with privacy settings that over-share by default and by requiring users to give real names, a consumer rights organisation said on Monday.

Under German law, personal information can be recorded and used by a company only with explicit agreement from the individual.

But Berlin judges ruled that Facebook leaves many settings switched on by default, failing to offer users a meaningful choice about how their data is used, plaintiffs the Federation of German Consumer Organisations (VZBV) said.

"Facebook hides default settings that are not privacy-friendly in its privacy centre and does not provide sufficient information about this when users register," VZBV legal expert Heiko Duenkel said.

Judges found five different default privacy settings were illegal, including sharing location data with chat partners or making profiles available to external search engines, allowing any internet user to stumble across them.

READ: Facebook slapped with R18.5m fine by Spanish data watchdog

The court also ruled eight paragraphs of Facebook&39;s terms of use invalid, most notably one that requires people to use their real names on the social network.

But it did not agree with the consumer advocates&39; claim that the firm&39;s slogan "Facebook is free and always will be" was misleading.

The VZBV said users were already paying to use the site -- but with access to their data, rather than cash.

Facebook could face fines of up to 250,000 euros (R3.66-million) per infraction if it does not fix its conditions in Germany, but the company said it would appeal the ruling.

"Our products and terms of service have changed a lot since the beginning of the case, and we are making further changes this year to our terms of use and data protection guidelines, with a view to upcoming legal changes," a spokeswoman told AFP.

Germany is a major market for Facebook in Europe, with around 30 million of the country&39;s 80-million-strong population signed up and almost 23 million using the network every day.

Along with Austria, it is one of the only European Union nations to have translated continent-spanning rules known as the General Data Protection Regulation (GDPR) into national law ahead of a 25 May deadline.

Monday&39;s judgment follows a December warning from Germany&39;s competition watchdog that Facebook was abusing its dominant market position to "limitlessly" harvest data from outside websites and apps.

The social network uses its connections to third-party websites and subsidiaries WhatsApp and Instagram to collect data on its users to enable hyper-targeted advertising.