The EU Data Protection Directive, implemented by individual member states, is to be applied even where the data controller is located outside the EU, but uses equipment located within the EU to process that personal data. The High Court of Berlin has been reviewing a case brought against Facebook by the Federation of German Consumer Organisations. The group claimed that Facebook was in breach of German data protection law by sending emails to non-users without their consent through use of the “Friend Finder” feature.
This ruling is contrary to that handed down by the Schleswig-Holstein Administrative Court of Appeals last year, which ruled that Facebook was not subject to local (German) data protection laws. The Administrative Court of Appeals did not address the question of whether the Irish or US operations controlled the processing of German users’ personal data. Rather found that the Irish operation’s participation of the blocking of anonymous accounts was sufficient to render a decision.
Need assistance? Please contact us and see how we can help.