Estimated reading time: 2 minutes, 3 seconds

What Facebook’s German Rebuke Means for Data Security

A recent regulatory ruling against Facebook applies only to users within Germany, but it could reverberate for information security professionals far more widely.

Under existing policy, Facebook users must either agree to the company’s terms of service or not use the social-media platform at all. This practice has allowed Facebook to gather data about what its users do on millions of other sites, information the company has used to dominate personalized advertising.

On February 7, Germany’s competition authority ordered Facebook to change the way it handles user data. The German Federal Cartel Office’s decision intensifies the importance of data protection by transforming it from a privacy issue into an antitrust matter, according to multiple reports.

As The New York Times reports, the FCO ruled that Facebook must give users a voluntary say over whether it can collect and combine their data from third-party sites, including WhatsApp and Instagram, which Facebook owns. Germans who choose not to permit this use of their data must still be allowed to use Facebook. The ruling breaks new ground on how organizations use personal data, experts say. “It’s a landmark decision,” Clifford Chance lawyer Thomas Vinje told Bloomberg News. “‘It is the first big case decided by any competition authority in the world squarely focused on issues around the collection and combination of data.”

Although the move affects only 32 million of Facebook’s 2 billion active monthly users, its ramifications don’t stop there. “The Facebook decision is quite a fundamental decision,” FCO president Andreas Mundt told the Times. “If we have similar companies creating similar problems, of course, one could take a look at those as well.”

Facebook said it disagreed with the FCO’s decision and plans to appeal. In a statement, Facebook officials cited the company’s compliance with Europe’s sweeping new data-privacy rule (the General Data Protection Regulation, or GDPR) and said this “decision misapplies German competition law.”

Europe’s data protection supervisor, Giovanni Buttarelli, wrote a blog post supporting the FCO’s move, “This case is the tip of the iceberg—all companies in the digital information ecosystem that rely on tracking, profiling and targeting should be on notice.”

The decision, TechCrunch reports, also “hints at an alternative way forward for regulating the dominance of digital monopolies: Structural remedies that focus on controlling access to data which can be relatively swiftly configured and applied.” Information-security pros will no doubt have their work cut out for them.

 

Read 4528 times
Rate this item
(0 votes)

Visit other PMG Sites: