Facebook Data Collection Under Fire in Germany Again

A German privacy protection authority is calling on organizations there to close their Facebook fan pages and remove the social networking site’s “Like” button from their websites, arguing that Facebook harvests data in violation of German and European Union law.

The Independent Centre for Privacy Protection (ULD), the privacy protection agency for the German state of Schleswig-Holstein, issued a news release on Friday saying Facebook builds a broad, individualized profile for people who view Facebook content on third-party websites.

Data is sent back to Facebook’s servers in the U.S., which the agency alleges violates the German Telemedia Act, the German Federal Data Protection Act and the Data Protection Act of Schleswig-Holstein. The agency alleges the data is held by Facebook for two years, and wants website owners in the state to remove links to Facebook by the end of next month or possibly face a fine.

“The wording in the conditions of use and privacy statements of Facebook does not nearly meet the legal requirements relevant for compliance of legal notice, privacy consent and general terms of use,” according to the ULD.

ULD officials could not be reached on Tuesday for comment. Facebook said in a statement that it firmly rejected allegations that it is in violation of E.U. data protection standards.

“The Facebook Like button is such a popular feature because people have complete control over how their information is shared through it,” the company said in a statement. “For more than a year, the plugin has brought value to many businesses and individuals every day. We will review the materials produced by the ULD, both on our own behalf and on the behalf of web users throughout Germany.”

Third-party websites use Facebook’s “Like” button — known generally as a “social plugin” — as a means of promotion, letting their visitors share information they find useful through their own Facebook profiles. When a Facebook user clicks the Like button, it will result in a “story” within the user’s News Feed on Facebook, along with a link to the website.

When the Like button is displayed on a third-party website, Facebook collects data including the user’s computer operating system and IP (Internet protocol) address — and, if the user is logged in to Facebook, their Facebook user ID. Facebook delivers information back to the website using the button, including the number of Likes. It also supplies demographic information, such as the percentage of visitors by gender, their age range, language, city and country.

Facebook retains logs of the IP addresses of logged-out members for 90 days before deleting them, which is an industry-accepted time frame, Facebook has said.

Facebook also allows advertisers to purchase campaigns using items that people “Like” as denoted on their profiles, something the company terms “Interests Targeting.”

The move by the ULD is the latest problem for Facebook in Germany, which has undertaken close examinations of social networking services for potential privacy violations.

Earlier this month, Hamburg’s Data Protection Agency (DPA) sent a letter to Facebook saying the social networking site should get users’ consent before their biometric data, used to enable the automatic photo tagging feature, is stored.

Users can opt out of the feature, but the DPA claims that the process is unclear. The DPA contends that E.U. privacy regulations require that users give their consent before their data is stored, including the data used to enable tagging. Facebook said it rejects any claim it is not meeting E.U. law.

Send news tips and comments to jeremy_kirk@idg.com