Facebook’s US-style approach to privacy is once again colliding with EU privacy laws.
This time, Germany’s federal competition authority, the Bundeskartellamt, is tackling the issue of user data privacy on the basis of antitrust law.
The authority is launching an antitrust probe into Facebook’s data harvesting practices, under the suspicion that Facebook is abusively imposing “unfair conditions” on users.
Andreas Mundt, president of the competition authority, on Wednesday said in a statement that Facebook’s reliance on user data makes it essential to examine whether its users are “sufficiently informed” of what’s collected and how:
Dominant companies are subject to special obligations. These include the use of adequate terms of service as far as these are relevant to the market. For advertising-financed internet services such as Facebook, user data are hugely important. For this reason it is essential to also examine under the aspect of abuse of market power whether the consumers are sufficiently informed about the type and extent of data collected.
Specifically, Facebook’s terms and conditions – under which users agree to their data being collected for the purpose of targeted advertising – are tough for users to understand, the Bundeskartellamt says:
It is difficult for users to understand and assess the scope of the agreement accepted by them. There is considerable doubt as to the admissibility of this procedure, in particular under applicable national data protection law.
The German competition authority said that it’s working closely with data protection officers, other EU member states’ competition authorities and consumer protection associations, and the European Commission in the investigation.
As Fortune notes, pulling privacy law into the realm of antitrust is a major shift in how Germany’s approaching enforcement.
Up until now, Facebook has tried to argue its way out of these privacy lawsuits by way of jurisdiction.
Last year, when the Belgian privacy watchdog sued Facebook over its tracking of non-users, the social network argued that it only had to answer to the privacy watchdog of Ireland, where its EU servers are headquartered.
Bringing privacy into the antitrust realm accomplishes a few things, as Fortune notes: it neatly sidesteps Facebook’s jurisdiction argument, takes it off the plate of German data protection authorities that are now buried in cases coming out of the fall of the EU-U.S. Safe Harbor agreement on data sharing, puts it onto the plate of an authority with deeper resources, and opens Facebook up to much stiffer potential maximum fines.
As Fortune reports, The EU’s upcoming General Data Protection Regulation rules will allow for fines of up to 4% of global annual turnover, whereas German antitrust fines can rise to as high as 10% of group revenue.
Facebook put out a statement saying that it’s happy to work with the German authority on the matter:
We are confident that we comply with the law and we look forward to working with the Federal Cartel Office to answer their questions.