After another statement by the German Data Protection Authorities (German DPAs) of 5 September 2018 (Statement, available in English here), stating that the operation of a fan page as offered by Facebook was illegal, Facebook reacted “overnight” and released a co-controller agreement, the “Page Insights Controller Addendum” (Insights Addendum, available here). In a press release of 16 November 2018 (Press Release, available in German here), the Berlin Data Protection Authority (Berlin DPA) announced that it has been auditing organisations concerning the use of Facebook fan pages since early November. In this blog, we provide recommendations as to what organisations should do next.

Background

On 5 June 2018, the Court of Justice of the European Union (CJEU) handed down its judgment (Case C-210/16), holding that the operator of a fan page on Facebook is jointly responsible with Facebook for processing the data of visitors to the fan page. Only a day later, the German DPAs released their first statement on the consequences of the judgment, arguing that organisations do not meet data protection standards when operating a fan page on Facebook, leaving marketers in Germany and Europe with lots of uncertainty (for more background, please review our previous blog How big is the risk to operate Facebook fan pages in Germany?). Three months then passed without Facebook providing any solution to the operators of fan pages.Continue Reading Update on Facebook fan pages: What should organisations do after the release of Facebook’s co-controller agreement?