The Bundeskartellamt, which is the German Federal Cartel Office (FCO), said that it’s investigating whether Facebook, through its subsidiaries Facebook Inc. USA, and Facebook Germany GmbH, Hamburg, used its dominant social networking position to violate data protection and competition laws in Germany.
The FCO said that Facebook may have used “unlawful” terms and conditions that were imposed on the users in an unfair and abusive way.
Andreas Mundt, President of the Federal Cartel Office, said: "Dominant companies are subject to special obligations. These include the use of adequate terms of service as far as these are relevant to the market.""For advertising-financed internet services such as Facebook, user data are hugely important. For this reason it is essential to also examine under the aspect of abuse of market power whether the consumers are sufficiently informed about the type and extent of data collected," he added.
The real issue here is that Facebook collects too much data from users and then essentially forces users to accept having all of that data collected if they want to use the service. This may constitute an abuse under the national data protection laws. If the investigation finds a connection between Facebook’s market position and this type of infringement, then it could also charge the company with abuses under the competition law.
The FCO said that it’s collaborating with competent data protection officers, consumer protection associations, the European Commission, and the competition authorities of the other EU Member States.
Facebook has already been involved in at least three other privacy-related lawsuits in the EU, one in regards to the Safe Harbor agreement, which was deemed invalid by the Court of Justice of the European Union; one that reached the Austrian Supreme Court last fall (both of these filed by Maximilian Schrems); and another one in Belgium, where Facebook was ordered to stop tracking non-users.
Things aren’t going to get that much better for Facebook in the future in the EU, unless it drastically overhauls its privacy policies. The EU has just finalized a stronger data protection regulation; a new directive on cybersecurity, which could also affect big companies who collect too much data, in terms of liability post-data breaches; and the new “Privacy Shield” agreement, meant to replace the Safe Harbor one (although this one seems to mostly allow the companies to self-certify and only be verified by the U.S. Department of Commerce, which may not apply the toughest standards on American corporations).
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.