Dies ist unser Webangebot mit Stand 27.10.2014. Neuere Artikel finden Sie auf der überarbeiteten Webseite unter www.datenschutzzentrum.de.
Frequently Asked Questions
In response to our press release on Facebook’s web analytics, ULD is currently receiving a high number of inquiries. All inquiries will be answered individually within short time.
For some frequently asked questions we are additionally providing the answers shown below. These FAQ will be updated regularly.
Last update: 2011-08-23, 16:30 pm, version 0.7 (Previous version: 0.6)
Q: Is ULD competent to issue prohibitions and administrative offence actions in line with the German Teleservices Act?
A: Yes. The Unabhängige Landeszentrum für Datenschutz Schleswig-Holstein (ULD) is pursuant to sect. 32 of the Schleswig-Holstein Data Protection Act of February 9, 2000 (LDSG SH) a public institution (Anstalt öffentlichen Rechts), publicly financed by the State of Schleswig-Holstein, sect. 33 par. 1 LDSG SH. ULD’s task according to sect. 39 par. 1 and 2 is to ensure compliance with LDSG and other data protection regulations of public institutions and for private institutions (economy) according to sect. 38 Federal Data Protection Act of January 2003 (BDSG). Consequently, ULD is the competent supervisory authority for data protection in the federal state of Schleswig-Holstein.
Pursuant to subpar. 3.5.2 of the Public Offences Ordinance (OWi-ZustVO) ULD is competent to pursue actions under sect. 43 BDSG. An allocation to pursue actions under the Teleservices Act (TMG) has not been included in OWi-ZustVO. Therefore, competence to issue fines is determined in line with the general basic rules, set down in the Public Offences Act (OWiG) in sect. 36 no. 1 OWiG. Accordingly competence is with the public authority which by law is assigned with the task.
For prosecution of public offences under sect. 16 TMG, competence is divided in the state of Schleswig-Holstein. Concerning offences against the obligation to publish information (Impressumspflicht) pursuant to sect. 16 par. 1 and 2 no. 1 TMG, competence according to sect 38 par. 6 of the Treaty on Electronic Media in Hamburg and Schleswig-Holstein of June 13, 2006 (Medienstaatsvertrag HSH) is assigned to the Medienanstalt Hamburg / Schleswig-Holstein (MA HSH).
Supervision of compliance with data protection regulations in the Teleservices Act (sect. 11 – 15 TMG) is according to sect. 59 par. 1 Treaty on Broadcasting and Media (RStV) assigned to the supervisory authorities competent under the general data protection acts of the Federal State and the Laender. They are supervising compliance with data protection regulations of the Teleservices Act within their territory. ULD, therefore, is the competent authority to supervise compliance with the data protection regulations of the Teleservices Act. This is in line with relevant opinions in literature: “In the non-public sector, i.e. in privately operated teleservices, the following federal state authorities are competent: […] in Schleswig-Holstein the Unabhängiges Landeszentrum für Datenschutz” [sic!]. (Volkmann, in: Spindler/Schuster, Recht der elektronischen Medien, 2. ed. 2011, RStV Sect. 59, recital 30).
Contrary legal opinions are therefore legally mistaken.
Q: Does ULD have its own fan page on Facebook?
A: No. There are a few fan pages that purport to be official ULD sites. None of these sites is held by ULD.
Q: Does ULD use Facebook’s social plug-ins on its own website?
A: No. The web sites of ULD are available at https://www.datenschutzzentrum.de/ . Other web sites and information about ULD are provided by others, some of them being public institutions. Please turn to the contacts provided on the respective sites, e.g., in site notice.
Q: Can a website owner use Facebook’s social plug-in in a way limiting the uncontrolled transfer of personal data?
A: Yes. A data thrifty implementation in line with sect 13 par. 2 TMG currently requires that social plug-ins may only be loaded if the user has declared his or her consent to the subsequent transfer of personal data to Facebook towards the website owner. This can be achieved by implementing a graphic prepared by the website owner in the place where the social plug-in should show on the website instead the social plug-in itself. After clicking on this graphic the user needs to be fully informed about the intended transfer of personal data to Facebook. If the user actively consents to the transfer and if he or she has been sufficiently informed, the social plug-in of facebook can be loaded. There is a possibility to collect the consent in a non-personalized cookie also for subsequent visits to the respective website. The user needs to be informed about the placement of such a cookie as well. However, it is to be noted that by such a free and informed consent of the user the transfer of personal data to Facebook at the website owner’s instigation can be justified. This does not alternate our current analysis that there are currently no such valid consents of the users exist with respect to Facebook.
Q: Can ULD mention examples where Facebook social plug-ins have been implemented in a data economic way?
A: We are currently in contact with some website owners and are checking the implementation of social plug-ins on those sites. After successful inspection we will refer to these solutions in this FAQ.
Q: Can Facebook fan pages be used privacy compliant?
A: ULD is currently not aware of a possibility to use fan pages in a privacy compliant way. This would require far-reaching changes on the part of Facebook. In particular, Facebook would have to provide fan page owners with an ability to deactivate the collection of personal data for generating web analytics (Facebook Insights). Further, Facebook would have to introduce a function to collect user consent for web analytics respective measures to implement the requirements of sect. 15 par. 3 TMG.
If you have further information or inquiries please contact
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstr. 98, 24103 Kiel, Germany
Fon: +49 (0)431 988-1200, Fax: -1223