Facebook Personal Data Use & Privacy Settings Ruled Illegal

Facebook’s default privacy settings and use of personal data are against German consumer law, according to a judgement handed down by a Berlin regional court.

The court found that Facebook collects and uses personal data without providing enough information to its members for them to render meaningful consent. The federation of German consumer organisations (VZBV), which brought the suit, argued that Facebook opted users in to features which it should not have.

Heiko Duenkel, litigation policy officer at the VZBV, said: “Facebook hides default settings that are not privacy friendly in its privacy centre and does not provide sufficient information about it when users register. This does not meet the requirement for informed consent.” 

In a statement, VZBV elaborated on some of its issues: “In the Facebook app for smartphones, for example, a location service was pre-activated that reveals a user’s location to people they are chatting to.

“In the privacy settings, ticks were already placed in boxes that allowed search engines to link to the user’s timeline. This meant that anyone could quickly and easily find personal Facebook profiles.” 

The Berlin court agreed with VZBV that the five default settings the group had complained about were invalid as declarations of consent. The German-language judgment was handed down in mid-January, but only publicly revealed last week. The court also ruled eight clauses in Facebook’s terms of service to be invalid, including terms that allow Facebook to transmit data to the US and use personal data for commercial purposes.

The company’s “authentic name” policy, a revision of a rule that once required users to use their “real names” on the site, but which now allows them to use any names they are widely known by, was also ruled unlawful.

In a statement, Facebook said it would appeal, adding: “We are working hard to ensure that our guidelines are clear and easy to understand, and that the services offered by Facebook are in full accordance with the law.” 

A week after the Berlin court ruled against Facebook, the social network promised to radically overhaul its privacy settings, saying the work would prepare it for the introduction in Europe of the General Data Protection Regulation (GDPR), a sweeping set of laws governing data use across the EU. 

Sheryl Sandberg, Facebook’s chief operating officer, announced the changes, saying they would “put the core privacy settings for Facebook in one place and make it much easier for people to manage their data”.

Facebook has faced repeated attacks from European regulators, particularly those in Germany, over issues ranging from perceived anti-competitive practices to alleged misuse of customer data.

Since March 2016, the company has been investigated by the German Federal Cartel Office over allegations it breaches data protection law in order to support an unfair monopoly. 

In an interim update in December last year, the office said that it objected to the way Facebook gains access to third-party data when an account is opened. This includes transferring information from its own WhatsApp and Instagram products, as well as how it tracks which sites its users access.

Guardian
