Facebook’s Privacy Policy Reviewed by Hamburg Data Regulator

Mark Zuckerberg, founder of Facebook Inc. meets Angela Merkel, Germany's chancellor as they arrive for the internet session of the Group of Eight summit in Deauville, France, on Thursday, May 26, 2011.

Mark Zuckerberg, founder of Facebook Inc. meets Angela Merkel, Germany's chancellor as they arrive for the internet session of the Group of Eight summit in Deauville, France, on Thursday, May 26, 2011.

Photographer: Chris RatcliffeBloomberg

Facebook Inc. is being quizzed by Hamburg’s privacy watchdog amid concerns the social network giant’s revamped user-data policies may violate German law.

Facebook was given until the end of the next month to respond to questions on the data handling and may face a probe if it fails to allay concerns, the regulator, Johannes Caspar, said Wednesday in Berlin. He also discussed the issue with lawmakers at a hearing at the German parliament earlier today.

“I think it’s problematic that Facebook wants to exchange user data between all of its various units, including WhatsApp and Instagram,” said Caspar. “I will coordinate with my various European colleagues to see what action may be needed.”

Facebook in November alerted its users of changes that would give the company the right to use information and images for commercial purposes. It later delayed implementation to Jan. 30 from the start of the year. In December, the Dutch privacy regulator opened a probe into the Menlo Park, California-based company’s policy changes.

Caspar and other German regulators have been fighting with Facebook for years over the implementation of European data-protection rules. The U.S. company, which has its European headquarters in Dublin, has argued that the Irish regulator has jurisdiction over its compliance with privacy law.

Facebook said in an e-mailed statement that it’s confident the updates comply with applicable laws.

Jurisdiction Clash

“As a company with international headquarters in Dublin, we routinely review product and policy updates -- including this one -- with our regulator, the Irish Data Protection Commissioner, who oversees our compliance with the EU Data Protection Directive as implemented under Irish law,” it said.

While Facebook has its European base in Ireland, Caspar considers that he has jurisdiction because the company also has a branch in Hamburg that processes data of people from Germany. Facebook disputes his claim, Caspar said.

Facebook was forced in 2012 to delete data collected for its facial recognition program following a probe by the Irish data watchdog.

“The discussions are ongoing with Facebook,” the Irish regulator’s press service said in an e-mail on Wednesday. Reiterating its position in December, the Irish regulator said it had “made a number of recommendations to” the company and “Facebook has positively engaged with us on this.”

Before it's here, it's on the Bloomberg Terminal. LEARN MORE