Facebook are in trouble again. You remember how a case brought by Max Schrems, an Austrian student, ended up bringing down Safe Harbour – the scheme that allowed EU citizen data to be sent to the US for processing? Well, now Facebook is being investigated by the German anti-cartel authority. The headline is that they suspect Facebook of having abused its dominant position in social networking to engage in wide-scale collection and processing of user information without obtaining proper consent.
Dull? Not so much. You’ll also remember that gaining explicit consent for whatever data collection and processing you intend is a key plank of the EU’s forthcoming General Data Protection Regulations. And that in my blog on the topic, I suggested that the likely response from tech industry lawyers would be to write all-encompassing consent clauses that users would have to sign in order to use the service. That’s what I’ve heard lawyers suggest on the subject, not just my fevered imagination.
This action by the BKA looks to me like more than just picking on Facebook. I think they’re also laying down a marker saying that general consent clauses won’t be acceptable; nor will major market players be able to force consent in return for service access. In other words, instead of “all or nothing”, they’ll have to make it possible for consumers to use the service without providing blanket consent.
So if you’re looking at updating your processing consents to be ready for the GDPR, or you’re planning some big-data-driven marketing and profiling, I’d be cautious if your lawyers are suggesting you can get around the need for specific and explicit user consent.