Privacy & Information Security Law Blog

On June 23, 2020, the German Federal Court of Justice (the Bundesgerichtshof, or “BGH”) issued a decision confirming the enforceability, in preliminary proceedings, of the order of the German Federal Cartel Office (the “Bundeskartellamt”) against Facebook’s data practices.

On February 2, 2019, the Bundeskartellamt issued an order prohibiting Facebook from combining user data from different sources. The Bundeskartellamt had concerns from a competition law perspective, alleging Facebook’s abuse of its dominant position in the market based on Facebook's terms and conditions stating that Facebook may collect user data from different sources (including Facebook-owned services such as WhatsApp, Instagram and third party websites) and assign this data to the user’s Facebook account. The Bundeskartellamt stated that such data combination should be subject to users’ voluntary consent.

The BGH decision reveals the interplay between the collection of personal data and competition law. The BGH clarified that the question in this case is not whether Facebook violated the data protection provisions of the GDPR but whether Facebook’s terms are abusive from a competition law perspective on the ground that the terms give users no choice regarding how their data will be combined for personalization purposes. In particular, the BGH established that Facebook’s terms are abusive in that Facebook users have no choice as to whether: (1) they want to use the social network services of Facebook with more intense personalization of the user experience, which may result in potentially unlimited access to their internet activity outside Facebook, or (2) they consent only to personalization based on the data that they reveal on the Facebook service itself.

On June 24, the German Federal Data Protection Commissioner issued a statement welcoming the BGH decision. Federal Data Protection Commissioner Professor Ulrich Kelber reiterated, “I thank the Bundeskartellamt for its initiative. Competition law and data protection go hand in hand. The judges do not consider Facebook's violations of the General Data Protection Regulation to be decisive in their decision. Nevertheless, the BGH emphasizes that the unrestricted profile creation is an abuse due to the terms of use. Even if it may take a while until the final decision is made, this decision provides clarity for the time being.”

Read the BGH’s press release.