Facebook: 'No merit' to claim we broke German privacy law

Facebook has hit back at a watchdog that claimed the website broke German law by requiring users to reveal their real names. The independent privacy protection agency ULD in Kiel, north Germany, yesterday ordered an end to the social network's policy on real names.

But a Facebook spokeswoman today told The Register: "It is the role of individual services to determine their own policies about anonymity within the governing law – for Facebook Ireland [that will be] European data protection and Irish law. We believe the orders are without merit, a waste of German taxpayers' money and we will fight it vigorously."

ULD disagrees with that assertion. Its privacy commissioner Thilo Weichert complained on Monday:

It is unacceptable that a US portal like Facebook violates German data protection law unopposed and with no prospect of an end.

In so far, we hope for a fact-based debate not aimed at delaying action. In view of the fact that Facebook currently is taking the opportunity from all its members to decide themselves about their own discoverability under their name, our initiative is more urgent than ever.

Facebook pushes for the use of real names on its social network and attempts to flush out anonymous users. This is partly for security reasons and partly to discourage trolling and such hobbies.

The website's operators can suspend suspicious-looking accounts until the user provides evidence that they are who they say they are. Formal ID is often required, such as a scanned copy of that person's passport. These images are temporarily kept on Facebook's system while the real name is fully verified.

Such sensitive data being held, however fleetingly by Facebook, is undoubtedly troubling, certainly enough to rattle Schleswig-Holstein's privacy commissioner.

The data regulator argued that "permission to use pseudonyms on Facebook is reasonable".

Thilo Weichert said Facebook's rule is 'unacceptable'

"The real name obligation does neither prevent abuse of the service for insults or provocations nor does it help prevent identity theft," ULD added in its statement yesterday. "Against this other precautions are necessary. To ensure the data subjects' rights and data protection law in general, the real name obligation must be immediately abandoned by Facebook."

Recently the Irish Data Protection Commissioner's office was slammed by Austrian student group europe-v-facebook, which claimed that the watchdog had been "fooled" by the Mark Zuckerberg-run free-content advertising network, whose European headquarters are in Dublin.

The criticism came after Facebook confirmed it had clarified some of its privacy protection proposals following discussions with the Irish commissioner.

This isn't the first time data protection officials in the north German state have attacked Facebook: in August last year, ULD complained about the company siphoning off German citizens' information to servers in the US.

The same authority said Facebook's photo recognition software sucked big time when it came to privacy. That feature has since been switched off in Europe. ®