Berlin’s district court ruled this week that Facebook’s Friend Finder feature was invading people’s privacy — and that the site should not let people use it without explicitly telling them that that the tool can suck in the details from their entire email address book, including names and physical addresses.
The court also found that Facebook was wrong to claim rights over photos and other content uploaded by its users, and that it has to get a user’s consent before sticking their profile picture into Facebook ads.
Despite reports suggesting that the problem had been fixed, however, that may not actually be the case.
Consumer rights group VZBV, which launched the complaint, said it was happy with the ruling — which it hailed as a “milestone” in a statement (auf Deutsch) — a spokesman told me that that there are still significant issues with the way Friend Finder works.
“While the Facebook application in the meantime has been modified slightly, in our opinion it is still insufficient,” VZBV told me.
“Users are still not adequately informed that their entire address book will be imported to Facebook. For example, Facebook sometimes imports the entire address book — including names, addresses and maybe telephone numbers — not only the email addresses.”
VZBV also pointed out that Friend Finder sometimes imports email addresses from the mail client’s outbox or sent mail folder, as well as from the address book.
“The consumer does not know these things. Therefore the consumer cannot assess its consent to import his address book,” the group said.
The group also said it was looking forward to the new EU-wide data privacy rules that the European Commission is proposing — these reforms include the so-called ‘right to be forgotten’, which means social networks and other ‘data controllers’ have to delete personal information about a user when that person asks them to.
Facebook itself hasn’t publicly announced its next move, saying only that it will “take a close look into the details of [the] court decision as soon as they are available and then decide on the next steps.”
Facebook does get a pretty tough time of it in Germany. The country’s history – think the Nazis and the Stasi – is a major factor that makes people there more aware of privacy issues than most. Germany was, in fact, the first country to introduce data protection laws, and it bases its laws on very strict interpretations of wider European Union rules.
German officials have previously taken Facebook to task over its facial tagging systems, ‘Like’ buttons and Facebook Pages. And the Berlin case follows on from Facebook’s 2010 encounter with the Hamburg data protection officials. That time round, the case was dropped after Facebook agreed to let non-members opt out of receiving invitations, and promised to make it more apparent to users when it was sending out emails to their non-member friends.
Not satisfied, the VZBV took Facebook to court in Berlin, complaining that Friend Finder breaches German (and European) data protection laws. The court agreed.
But Facebook isn’t the only U.S. company to hit such problems — Google has given up on updating its Street View imagery for Germany, following widespread protests from the public and officials.