4 comments

[ 3.3 ms ] story [ 19.1 ms ] thread
Sorry about the shortened title, I did my best. The original is: "The administrator of a fan page on Facebook is jointly responsible with Facebook for the processing of data of visitors to the page"

The link is to the press release, the actual judgment is available at http://curia.europa.eu/juris/documents.jsf?num=C-210/16 (hover over the first document icon and click the language of your choice)

This is on the basis of the 1995 Data Protection Directive which has been repealed with the entry into force of GDPR on May 25. I'd be interested in understanding what this means. Will the German lower court decide based on this outdated Directive? Or doesn't it matter because GDPR is equivalent in this regard?

From the reports I've seen, GDPR is equivalent in the relevant parts, only the last bit (who the DPA can directly investigate) has changed, which isn't central to the case.

What I found interesting is that they reference the analytics visible to the page administrator: Does that mean that turning them off makes a material difference? Or is it just an additional thing the page owner has to take into consideration?

> What I found interesting is that they reference the analytics visible to the page administrator: Does that mean that turning them off makes a material difference?

I also read that as saying that if an admin could opt out of analytics, everything might be fine.

Though in the actual final ruling part they just say that "the concept of ‘controller’ within the meaning of that provision encompasses the administrator of a fan page hosted on a social network" without any further qualification.