Facebook is under public pressure from people who believe its terms and conditions are too strict as well as people who think these same terms and conditions are too lax. When everybody knows you and has an opinion about you that’s okay, but when (sub)national government agencies and courts also have different ideas about you, it can be a serious problem. This is the current situation in which Facebook finds itself.
Recently, the Data Protection Commissioner of the German State of Hamburg ruled against Facebook and its real names policy. The Commissioner said that according to a Federal German Law, Facebook should ‘allow the pseudonymous usage of its service.’ Facebook is not allowed to verify someone’s identity by demanding proof of identification.
I am positive that Jemmaroid Von Laalaa would agree with the Commissioner from Hamburg. But this is a remarkable statement since it is in direct contradiction to the increasingly common understanding that an intermediate online party such as Facebook has some sort of responsibility regarding what is being said and done on its online platform. If the intermediate agent bears some or all of this responsibility, it should be in a position to act accordingly.
When you consider, for example, a court ruling in Amsterdam, Facebook should have to turn over any information that could help identify a user that published a revenge porn video on the social network.
Although Facebook Europe is already under scrutiny by the relevant Irish authorities, this does not prevent other national authorities in the EU from coming up with different demands. With the exception of the Hamburg ruling, this has not led to any major problems for Facebook so far. The company has deep pockets and can handle the national costs involved in these cases, but what is even more interesting is the challenge behind this legal “couleur local”. This ‘margin of appreciation’ is being expressed on an increasing basis in EU member states or even on a sub-national level.
Apparently there is no such a thing as a ‘one-stop-shop’ for e-companies operating across the borders of EU member states. There do not seem to be any proper common rules (or interpretation of these) when it comes to data protection related to telecommunication. What does this mean for e-commerce? What kind of implications does this have for start-ups in smaller EU member states when the approval of their local practices means nothing in another EU member state?
It seems that the Luxembourg EU Presidency is facing a serious challenge with its ambitions for the so-called EU Single Digital Market. So far, it appears that data protection will not be set up in the same way competition law is guaranteed (centralised). It will not be set up on a truly EU level, but instead via local protection authorities (decentralised) who will take the lead with plenty of room for their own interpretation of local and EU regulations.
This can be a serious threat for the development of the EU Digital Single Market. Since the Digital Market has the most potential for growth in the EU, this is should not be dealt with based on popular sentiments, but with proper ideas and a discussion that addresses liberty, privacy and prosperity.