Facebook Wins Battle To Ban Pseudonyms; Apologies To Professor Otto von Schnitzelpusskrankengescheitmeyer
By IT-Lex Intern Joey Chindamo (LinkedIn)
Here’s a follow up to one of our stories from last month. Facebook won a decisive victory last week when a German administrative court held that the social networking behemoth was not subject to one of the country’s strict privacy laws. Section Four of Facebook’s Statement of Rights and Responsibilities establishes its real name policy, mandating users to provide their real names and information when they register for the site; it essentially prohibits Facebook users from creating fake accounts, accounts under pseudonyms, or the like.
But the data protection commissioner from the north German state of Schleswig-Holstein said this rule violated German law, which allows people to use pseudonyms online. The text of the German law, section 13(6) of the Telemedia Act (TMA) [PDF], reads:
“The service provider must enable the use of telemedia and payment for them to occur anonymously or via a pseudonym where this is technically possible and reasonable. The recipient of the service is to be informed about this possibility.”
Facebook objected and argued that its real name policy protects users, and more importantly, that the German law was inapplicable. Facebook said its policy complies with European data protection laws, and earlier this month, the administrative court for Schleswig-Holstein agreed.
“The administrative court for Schleswig-Holstein suspended enforcement of an order saying Facebook must let users register under a pseudonym. The order is most likely illegal and shouldn’t apply while Facebook fights it.”
“European rules say German law doesn’t apply if the data is processed by a branch in another EU member state, the court said. Facebook’s German unit only works in marketing and sales and thus can’t trigger the application of German data protection law, the judges said.”
The decision creates a slippery slope. German state privacy laws are clearly more stringent than those found in Ireland, home of Facebook’s European HQ. Companies are incentivized now to venue-shop and headquarter themselves in countries with lenient privacy regulations. It is that concern that is prompting Thilo Weichert, the data protection commissioner that issued the initial order, to appeal the German administrative court’s decision.
This dispute raises fascinating international law issues. The conflict of laws for multi-national corporations is always a concern, resulting in contracts replete with clauses establishing venue and choice of law. But the borderless nature of Internet entities like Facebook creates unique problems. Legal scholars have explored the issue of what law applies to the Internet for more than 15 years, but aside from theoretical proposals, few concrete laws have emerged. Competing philosophies—some jurisdictions hold the controlling law to be that of where the website is domiciled, while others hold the website to the laws of the country where the harm took place—can make it impossible for an Internet entity to be in compliance with all jurisdictions in which it does business.
The German court’s decision offers some clarity—since Facebook’s European headquarters is based in Ireland, Irish law applies. Until an international standard emerges, however, there is unlikely to be consistency in the amorphous area of Internet law applicability.