Introduction

On 19 December 2017, the German Federal Cartel Office (FCO), issued a press release alleging that Facebook had abused its dominant position on the market for social networks in Germany.

It specifically alleges that it forces users to sign up on a ‘take it or leave it’ basis to Facebook’s use and collection of their data. Facebook then uses this broad consent to monitor users’ non-Facebook data and merge those details with the users Facebook/Instagram/Whatsapp data for use in its own marketing efforts.

The mass collection of user data is a well-known strategic goal of big tech, but the real question is: what will the FCO do about it?

The FCO Allegations

The FCO are alleging an abuse of dominance because Facebook users are forced to sign up to a ‘take it or leave it’ approach to Facebook’s use and collection of their data. This means users can either allow the complete use and control by Facebook of their data, or not have a Facebook account at all. The FCO considers that in this circumstance and because of the dominant position of Facebook, users are not really giving their consent at all.

Having received users consent the FCO is also concerned that Facebook is using Application Programming Interfaces (API) to monitor user data on third party websites. Facebook will link external websites through the Facebook interface and users can follow these links to access third party websites. What users don’t likely know is their activity on these websites is monitored through the API. The API enables Facebook to collect that data, even though the user thinks they have left Facebook. The use of the API actually means the user completes the action and views the third party content without Facebook losing the ability to record the user’s movements and interactions.

The current case does not concern the collection and use of data on the Facebook network itself. The Bundeskartellamt leaves explicitly open whether this also constitutes a violation of data protection provisions and the abuse of a dominant position. The FCO states that “in the authority’s assessment, consumers must be given more control over these processes and Facebook needs to provide them with suitable options to effectively limit this collection of data”.

The Solution?

This goal is laudable and the FCO’s assessment of Facebook’s conduct seems logical, but the real question is: what measure can they take to stop the behaviour? In other data protection cases, such as for the use of tracking cookies by websites, rather lame solutions have been enacted such as the annoying and ineffective cookie notices that users are plagued by when visiting websites. It’s not hard to see how the FCO and Facebook could claim the consent to the API data collection is given if users simply have to click through some data collection notice (which they inevitably will) when viewing third party content.

More drastic and concrete solutions do exist such as simply banning the use of API data collection by Facebook, or diluting the value of Facebook’s mass data collection by insisting it is accessible for free by competitors. Could Facebook be forced to even offer German users a ‘data light’ user profile with only limited access to users’ data by the company? Solutions such as these would severely impact the business model and share price of Facebook and would likely be met with expensive and protracted litigation for the FCO and lobbying on an EU level by the company.

The case will be monitored with interest as the FCO expects a final decision including a possible prohibition or commitments from the company in early summer 2018.

The press release can be found here.