Broadcasters and media groups in the EU, along with other organisations, will be held jointly responsible for protecting visitors’ personal data on Facebook fan pages following a ruling by the European Court of Justice.
The court ruling follows a case in Germany where the data protection regulator ordered an educational company to close a fan page because visitors were not told that their personal data was being collected.
The company had argued that it could not be held responsible for the processing of personal data by Facebook.
However the European Court has ruled that fan page administrators provide input for the filters that Facebook applies to aggregate user statistics, determining the parameters for data collection from the social media giant, and are therefore responsible for complying with 1995 EU Data Protection Directive and its successor the General Data Protection Regulation (GDPR).
Media companies and others will now be considered as joint controllers of fan pages alongside Facebook and will have to ensure GDPR compliance.
According to public broadcasters organization the EBU, members operating a fan page on Facebook should now be aware that they will be considered as joint controllers with the social media outfit and may have to strike agreements with Facebook that determine each side’s respective responsibilities.
The court also confirmed that Germany’s data protection authority can acct against Facebook itself for breaching privacy rules even though its European base is in Ireland. Facebook had argued that only Ireland’s regulator had jurisdiction over its activities in Europe.