One more chapter to the never ending story of the protagonist Facebook and ULD, the data protection authority of Schleswig-Holstein, has been written. Last week, a German administrative court decided that contrary to ULD’s official order, Facebook cannot be forced to permit the use of pseudonyms for its users.
While the ULD was sure that Facebook’s real name policy violated the German Telemedia Act (which expressly rules that users must be allowed to use nicknames online), the court did not necessarily disagree, but took a different view in reaching its decision. ULD’s orders were issued against Facebook Inc., in the U.S., and Facebook Ireland Limited, which is responsible for all of Facebook’s activities outside of the U.S. and Canada. According to Facebook’s submission to the court, the existing German Facebook subsidiary (Facebook Germany GmbH) merely handles marketing and acquisition for the local market only and does not process any personal information. The court found that since Facebook Ireland Limited processes all user information, based on § 1 (5) sentence 1 of the German Federal Data Protection Act, as construed in accordance with Art. 4 (1) a) of the Directive 95/46/EC, Irish data protection laws apply, and not German laws.
This is a strong blow to the ULD. Thilo Weichert, Privacy Commissioner and head of the ULD, commented that “the decisions are more than amazing,” especially because in his view, Facebook Ireland does not process any personal data itself either – this is done by Facebook Inc.
He announced that the ULD would appeal the decision to avoid the development of a one-stop-shop system. By establishing a main office in an EU member state with a low level of data protection, oversight in other countries could be avoided easily if the national entities remain ignorant of any data processing taking place.
We will keep you posted about any further developments.