If You Run A Facebook Page, You’re Responsible For User Data, Says EU Court
The top court in Europe ruled Tuesday that users who operate and organize a fan page on Facebook are responsible for safeguarding the involved data.
The decision from the Court of Justice of the European Union (CJEU) could conceivably make page administrators — which are sometimes average users only overseeing a group with members in the single digits — liable when Facebook does not abide by the EU’s rules.
It’s a fairly momentous ruling since it implies that even the most casual Facebook administrators could technically become subjected to the law, and subsequent penalties. Also, it likely means that Facebook and other similar companies will have to update their terms and services agreements.
“We are disappointed by this ruling,” a Facebook spokeswoman told The Daily Caller News Foundation. “Businesses of all sizes across Europe use internet services like Facebook to reach new customers and grow.”
The change in international policy comes from a case dealing with a German educational company, Wirtschaftsakademie Schleswig-Holstein.
The highest relevant authority in the German state of Schleswig-Holstein mandated in 2011 that the domestic firm close its page on Facebook because allegedly neither it nor the social media giant were notifying online visitors that cookies were enabled, thus collecting personal data.
“It must be stated … that the administrator of a fan page hosted on Facebook, by creating such a page, gives Facebook the opportunity to place cookies on the computer or other device of a person visiting its fan page, whether or not that person has a Facebook account,” the CJEU’s official judgement reads.
“According to the Court, the fact that an administrator of a fan page uses the platform provided by Facebook in order to benefit from the associated services cannot exempt it from compliance with its obligations concerning the protection of personal data,” says a corresponding press release from the CJEU.
Much like the EU’s attempts at sweeping new changes under the General Data Protection Regulation, it’s not clear if complete compliance will be possible. Having said that, if anyone is able to afford the potential punishments and fundamentally reforming its business structures, it’s extremely large companies like Facebook, not the more informal users. (RELATED: Europe Vs. Silicon Valley: How The Continent Is Responding To Big Tech’s Growing Power)
To avoid feeling the ostensible wrath of European regulators, the administrator must contribute in determining what data to collect, and how to manage and maybe promote it, by establishing a target audience, among other measures.
“While there will be no immediate impact on the people and businesses who use Facebook services, we will work to help our partners understand its implications,” the Facebook representative said. “We are compliant with applicable European law and as part of our preparations for GDPR, we have further improved our privacy policies, controls and tools to make them clearer.”
This post has been updated to include comment from a Facebook spokeswoman.
Send tips to firstname.lastname@example.org.