EU ruling on the responsibility of Facebook admins to collect data may have far-reaching consequences
The German courts upheld a 2011 local DPA decision that would require page admins to act as separate controllers of the same data collected by Facebook.
“The administrator of a fan page on Facebook is jointly responsible with Facebook for the processing of visitors to the page.”
That’s the conclusion made this week in a judgment by the Court of Justice of the European Union (CJEU) in Luxembourg.
It concerns a decision passed down in 2011 by the data protection authority of the German state Schleswig-Holstein, ordering German business academy Wirtschaftsakademie to deactivate its Facebook page.
The order was based on a breach of the EU’s Privacy Directive 95/46, a set of rules that has now been replaced with the General Data Protection Regulation (GDPR), which came into full force at the end of May. The Schleswig-Holstein data protection authority (DPA) said that the academy’s Facebook page was in breach because it did not inform visitors that it was using cookies to track them, or that it collected and stored their data.