Give Facebook Fanpages the boot?

The big question is, how to deal with Facebook Fanpages after the recent EuGH decission. What has happenend?
The EuGH reached a desission that data protection issues regarding Facebook Fanpages can’t be handed over solely to Facebook Inc., because those who are actively running Facebook Fanpages are at least co-responsible for issues regarding dataprotection of user data.

Althoug the ruling regards on ongoing procedure from the year 2011 it will have effects on how we will be running Facebook Fanpages in the future. Looking at the entire judgement of the case at hand, the judges came to the conclusion that people runnung Facebook Fanpages are co-responsible for data protection and data security, and therefore they can be made liable, if violations regarding the GDPR occur. Furthermore it is currently the common opinion among lawers that this judgement has to be seen in the light of the GDPR, which went into effect on May 25th 2018. Especially considering the fact that companies and private entities had a 2-year deadline to implement the GDPR rules.

In order to run Facebook Fanpages and be GDPR compliant the most important task will be to enable the user to see the current data protection policy of a particular Facebook Fanpage. This policy must be placed where it can easily be seen by the user. This policy must contain the following:

  • The personal data that is being collected
  • The reason for the collection of the data (in accordance with GDPR rules)
  • The fact that data is being transmitted into a country outside the European Union
  • The fact that profiling and tracking through the provider of the plattform (Facebook) is going on in the background

Currently there is consesus among lawers that there is pretty much no difference between the GDPR relevant procudure between Websites and Facebook Fanpages. The question is: “Why is that a problem?”:
In general there is a problem with data that is hosted on the Facebook Fanpage itself. If this is being done than data is already being transmitted into a country outside the European Union with different standards regarding the GDPR. But this could be avoided if the media in question were to be hosted on ones own “webspace” with the European Union. The same is true for the use on fonts. If hosted on a Facebook server it might be a problem regarding the GDPR. But like with media this could be avoided if the fonts were to be hosted on a “personal webspace” within the European Union.

Where it really gets tricky is with Social Media buttons on the Facebook Fanpage. These are usually provided by Facebook itself and deploys an iFrame with all the problems that have lined out in the Blog post “The problem with “Likes””. The only way around that problem would be deploying a 2-Click approach on the Facebook Fanpage itself or not use any Social Media buttons at all. Just acknowledigng the fact in the data protection policy is not enough, since by the time the user reads the data protection policy a violation of GDPR procedures has allready occured and that could very quickly lead to warnings through the GDPR authority or even lead to penalties.
The longer this problem on a Facebook Fanpage remains unsolved the less likely judges will be to hand out a warning rather than a penalty.

The time to fix these violations of GDPR rules on Facebook Fanpages is right now. If the issues can’t be fixed or it would mean to much of a hazzle, than maybe it is time reassess Facebook Fanpages alltoghether. In some instances shutting down a Fanpage might be the easier process and one will definitely be on the safe side with the latter approach.