German consumer organisations are suing Facebook because the social network keeps sharing personal data with third-party app makers without getting explicit consent from users.
Third party apps often want access to a users' chat as well as information about friends, personal contact information and the ability to post on a user's Facebook wall. But instead of asking users for permission, the apps available through Facebook's App Center just grant themselves access to the data, the Federation of German Consumer Organisations (VZBV), said yesterday.
Consent for such comprehensive data forwarding to the app provider was never provided by the user, the VZBV said. "Reason enough for the federation to start a new lawsuit against Facebook Ireland at the regional court in Berlin," it said. Facebook Ireland is responsible for all Facebook's activities outside of the US and Canada.
The social network's data protection practices worsened instead of improved when App Center was introduced in July, VZBV said.
In the past, Facebook asked for user consent by showing a pop-up window that warned data was shared with third-parties, and a user had the choice to click on allow or not allow. But when the App Center was introduced that changed, said Michaela Zinke, policy officer at the VZBV. "I'm very confused why Facebook changed it," she said, adding that before Facebook complied with German law and now doesn't anymore.
The VZBV warned Facebook in August to change its App Center privacy practices, threatening legal action if it did not do so, a warning that appears to have been in vain.
"Behind Facebook is a brutal business model," the VZBV said. While the use of the platform is free, Facebook isn't a charitable institution but instead lets people pay for the use of the platform with their own data, the organization said. That personal data is combined and used to make comprehensive user profiles that are used for targeted advertising, it added.
"Particularly problematic is the fact that not only Facebook but also the app providers are accessing the data. This is exactly what many users do not realize," the consumer organisations said. Especially children don't realize their data is shared with third parties when they tap on "play this game", the VZBV said.
Facebook does show a limited list in small light gray text that describes access that will be granted to an app provider when the user decides to download an app, suggesting that the sharing of this data is allowed, the VZBV said. However, sharing data with third-parties is only allowed under German law after an explicit and informed consent of the user, it said. Facebook's App Center therefore clearly violates telecom and competition laws, it added.
Facebook thinks its practice is transparent enough and is "surprised and disappointed that VZBV feels it is a good use of their time and public funds to take legal action over minor details of how we provide this transparency and choice," a spokeswoman said in an email. "We are confident that consumers in Germany face much more serious issues than the size of fonts and the arrangement of particular words on our website," she added.
The social network has been under renewed data protection scrutiny in Germany and other European countries lately. Earlier this week for example privacy campaign group Europe vs. Facebook threatened to take the Irish Data Protection Commissioner to court if it is not satisfied with the DPC's final responses to its complaints about Facebook's privacy policies.
The group made the threat because it thinks the DPC did not act in the best interests of users when it audited the social network's privacy policies. While Facebook went beyond the recommendations by deciding to delete all facial recognition data it had stored about its EU users, Europe vs. Facebook thinks there is more that can be done to protect users' privacy better.
VZBV expects the first hearing in the case to take place in Summer 2013.