
German Federal Cartel Office imposes strict limits on Facebook's collection and combination of data (produced by the DPO Salon)

Hong Yanqing, 网安寻路人, 2020-02-26

Translator's note:


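On January 25, the Office of the Central Cyberspace Affairs Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration for Market Regulation held a press conference in Beijing on the "special campaign against illegal and non-compliant collection and use of personal information by apps", formally releasing the Announcement on Launching a Special Campaign against Illegal and Non-compliant Collection and Use of Personal Information by Apps [for details see: "Major news! Four departments including the Office of the Central Cyberspace Affairs Commission issue an announcement launching a special campaign on apps"]. For one of the campaign's priorities, see the analysis article ["How to tackle the excessive collection of personal information"].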


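At almost the same time, France's data protection supervisory authority, the Commission nationale de l'informatique et des libertés (CNIL), fined Google 50 million euros under the EU General Data Protection Regulation (GDPR), likewise over Google's collection of personal data. [A detailed look at why the GDPR drew its sword on Google (DPO community member's view)] Meanwhile, the Swedish regulator Datainspektionen disclosed earlier this week that, after receiving a complaint from Sveriges Konsumenter (the Swedish Consumers' Association) relating to claims made in an earlier report by Forbrukerrådet (the Norwegian Consumer Council), it has opened an investigation into the collection of Android users' location data. [Google faces investigation over another alleged GDPR violation]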


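On February 7, the German competition authority (Bundeskartellamt) ruled that Facebook abused its dominant market position in collecting, merging and using user data. The ruling will be of historic significance. The full text of the press release issued by the Bundeskartellamt on the ruling is translated below: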



The Bundeskartellamt has imposed on Facebook far-reaching restrictions in the processing of user data.


According to Facebook's terms and conditions users have so far only been able to use the social network under the precondition that Facebook can collect user data also outside of the Facebook website in the internet or on smartphone apps and assign these data to the user’s Facebook account. All data collected on the Facebook website, by Facebook-owned services such as e.g. WhatsApp and Instagram and on third party websites can be combined and assigned to the Facebook user account.


The authority’s decision covers different data sources:


(i) Facebook-owned services like WhatsApp and Instagram can continue to collect data. However, assigning the data to Facebook user accounts will only be possible subject to the users’ voluntary consent. Where consent is not given, the data must remain with the respective service and cannot be processed in combination with Facebook data.


(ii) Collecting data from third party websites and assigning them to a Facebook user account will also only be possible if users give their voluntary consent.


If consent is not given for data from Facebook-owned services and third party websites, Facebook will have to substantially restrict its collection and combining of data. Facebook is to develop proposals for solutions to this effect.


Andreas Mundt, President of the Bundeskartellamt: “With regard to Facebook’s future data processing policy, we are carrying out what can be seen as an internal divestiture of Facebook’s data. In future, Facebook will no longer be allowed to force its users to agree to the practically unrestricted collection and assigning of non-Facebook data to their Facebook user accounts. The combination of data sources substantially contributed to the fact that Facebook was able to build a unique database for each individual user and thus to gain market power. In future, consumers can prevent Facebook from unrestrictedly collecting and using their data. The previous practice of combining all data in a Facebook user account, practically without any restriction, will now be subject to the voluntary consent given by the users. Voluntary consent means that the use of Facebook’s services must not be subject to the users’ consent to their data being collected and combined in this way. If users do not consent, Facebook may not exclude them from its services and must refrain from collecting and merging data from different sources.”


Facebook is the dominant company in the market for social networks


In December 2018, Facebook had 1.52 billion daily active users and 2.32 billion monthly active users. The company has a dominant position in the German market for social networks. With 23 million daily active users and 32 million monthly active users Facebook has a market share of more than 95% (daily active users) and more than 80% (monthly active users). Its competitor Google+ recently announced it was going to shut down its social network by April 2019. Services like Snapchat, YouTube or Twitter, but also professional networks like LinkedIn and Xing only offer parts of the services of a social network and are thus not to be included in the relevant market. However, even if these services were included in the relevant market, the Facebook group with its subsidiaries Instagram and WhatsApp would still achieve very high market shares that would very likely be indicative of a monopolisation process.


Andreas Mundt: “As a dominant company Facebook is subject to special obligations under competition law. In the operation of its business model the company must take into account that Facebook users practically cannot switch to other social networks. In view of Facebook’s superior market power, an obligatory tick on the box to agree to the company’s terms of use is not an adequate basis for such intensive data processing. The only choice the user has is either to accept the comprehensive combination of data or to refrain from using the social network. In such a difficult situation the user’s choice cannot be referred to as voluntary consent.”


Abuse of market power based on the extent of collecting, using and merging data in a user account


The extent to which Facebook collects, merges and uses data in user accounts constitutes an abuse of a dominant position.


The Bundeskartellamt’s decision is not about how the processing of data generated by using Facebook’s own website is to be assessed under competition law. As these data are allocated to a specific service users know that they will be collected and used to a certain extent. This is an essential component of a social network and its data-based business model.


However, this is what many users are not aware of: Among other conditions, private use of the network is subject to Facebook being able to collect an almost unlimited amount of any type of user data from third party sources, allocate these to the users’ Facebook accounts and use them for numerous data processing processes. Third-party sources are Facebook-owned services such as Instagram or WhatsApp, but also third party websites which include interfaces such as the “Like” or “Share” buttons. Where such visible interfaces are embedded in websites and apps, the data flow to Facebook will already start when these are called up or installed. It is not even necessary, e.g., to scroll over or click on a “Like” button. Calling up a website with an embedded “Like” button will start the data flow. Millions of such interfaces can be encountered on German websites and on apps.


Even if no Facebook symbol is visible to users of a website, user data will flow from many websites to Facebook. This happens, for example, if the website operator uses the “Facebook Analytics” service in the background in order to carry out user analyses.


Andreas Mundt: “By combining data from its own website, company-owned services and the analysis of third party websites, Facebook obtains very detailed profiles of its users and knows what they are doing online.”


European data protection provisions as a standard for examining exploitative abuse


Facebook’s terms of service and the manner and extent to which it collects and uses data are in violation of the European data protection rules to the detriment of users. The Bundeskartellamt closely cooperated with leading data protection authorities in clarifying the data protection issues involved.


In the authority’s assessment, Facebook’s conduct represents above all a so-called exploitative abuse. Dominant companies may not use exploitative practices to the detriment of the opposite side of the market, i.e. in this case the consumers who use Facebook. This applies above all if the exploitative practice also impedes competitors that are not able to amass such a treasure trove of data. This approach based on competition law is not a new one, but corresponds to the case-law of the Federal Court of Justice under which not only excessive prices, but also inappropriate contractual terms and conditions constitute exploitative abuse (so-called exploitative business terms).


Andreas Mundt: “Today data are a decisive factor in competition. In the case of Facebook they are the essential factor for establishing the company’s dominant position. On the one hand there is a service provided to users free of charge. On the other hand, the attractiveness and value of the advertising spaces increase with the amount and detail of user data. It is therefore precisely in the area of data collection and data use where Facebook, as a dominant company, must comply with the rules and laws applicable in Germany and Europe.”


The Bundeskartellamt’s decision is not yet final. Facebook has one month to appeal the decision to the Düsseldorf Higher Regional Court.

The Bundeskartellamt has imposed far-reaching restrictions on Facebook's processing of user data.

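Under Facebook's terms and conditions, users have so far been able to use the social network only on the precondition that they agree to Facebook collecting their personal data outside the Facebook website or its smartphone apps and combining these data with the user's Facebook account; users must also agree that all data collected on the Facebook website, by Facebook-owned services (such as WhatsApp and Instagram), and the user data Facebook collects on third-party websites, can be combined with the Facebook user account.
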
The Bundeskartellamt's decision covers different data sources:

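(i) Services owned by Facebook, such as WhatsApp and Instagram, can continue to collect data. However, these data may be combined with Facebook user accounts only with the users' voluntary consent. Where users do not give consent, the data must remain with the respective service and cannot be processed together with Facebook data.
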
(ii) Only with the users' voluntary consent may Facebook collect users' data from third-party websites and combine them with Facebook user accounts.

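If users do not give the two kinds of consent above, Facebook must substantially restrict its data collection and combination activities. Facebook is to propose its own solutions to achieve this effect.
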
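Andreas Mundt, President of the Bundeskartellamt, said: “With regard to Facebook's future data processing policy, we are carrying out what can be seen as an internal divestiture of Facebook's data. In future, Facebook will no longer be allowed to force users to agree to its practically unrestricted collection of non-Facebook data and the combining of those data with Facebook user accounts. Collecting and combining different data sources contributed substantially to Facebook's ability to build a dedicated, unique database for each user (i.e. a user profile) and thereby gain market power. In future, consumers can prevent Facebook from collecting and using their data without restriction. The past practice of combining data from different sources with Facebook user accounts without restriction will (following the Bundeskartellamt's decision) be subject to the users' voluntary consent. Voluntary consent means that users' access to Facebook's services must not be conditional on users being forced to consent to the data collection and processing described above. If users do not consent, Facebook may not refuse to provide them its services and must refrain from the collection and combination of data described above.”
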
Facebook is the dominant company in the market for social networks

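In December 2018, Facebook had 1.52 billion daily active users and 2.32 billion monthly active users. In Germany, the company holds a dominant position in the market for social networks. With 23 million daily active users and 32 million monthly active users, Facebook's market share in Germany exceeds 95% (by daily active users) and 80% (by monthly active users). Its competitor Google+ recently announced that it would shut down its social network by April 2019. Other services such as Snapchat, YouTube or Twitter, as well as professional networks such as LinkedIn and Xing, offer only part of the services of a social network and should therefore not be included in the definition of the relevant market. However, even if these services were included in the relevant market, the Facebook group with its subsidiaries Instagram and WhatsApp would still have very high market shares, which very likely indicates a process of monopolisation.
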
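Andreas Mundt said: “As a company with a dominant market position, Facebook is subject to special obligations under competition law. In operating its business model, the company must take into account that Facebook users practically cannot switch to other social networks. In view of Facebook's superior market power, a mandatory tick in the box agreeing to the company's terms of use is not an adequate basis for Facebook to carry out such intensive data processing. The user's only choice is either to accept the comprehensive combination of data or not to use the social network. In such a difficult situation, the user's choice cannot be called voluntary consent.”
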
Abuse of market power based on the collection, use and combination of data

The extent to which Facebook collects, combines and uses data in user accounts constitutes an abuse of a dominant market position.

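The Bundeskartellamt's decision is not about how Facebook's processing of data generated on its own website is to be assessed under competition law. Because this data processing is required for a specific service, users know that their data will be collected and used by Facebook to a certain extent. This is an essential component of a social network and its data-based business model.
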
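However, what many users do not know is this: among other conditions, use of the social network service depends on allowing Facebook to collect an almost unlimited amount of user data of any type from third-party sources, combine these data with the user's Facebook account, and use them in all kinds of subsequent data processing. Third-party sources can be Facebook-owned services such as Instagram or WhatsApp, and also third-party websites that embed Facebook's “Like” or “Share” plug-ins. Where such visible plug-ins are embedded in websites and apps, data already begin to flow to Facebook when the web page is called up or the app is installed. The user does not even need to, for example, scroll over or click on the “Like” plug-in. Visiting a website with an embedded “Like” plug-in automatically starts the transfer of data to Facebook. Millions of such website and app interfaces with embedded Facebook “Like” or “Share” plug-ins exist on German websites and apps.
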
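Even where users see no Facebook logo on such websites, user data will still flow from these websites to Facebook. This happens, for example, if the website operator uses the “Facebook Analytics” service in the background to analyse users.
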
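Andreas Mundt said: “By combining and analysing data from its own website, from other company-owned services and from third-party websites, Facebook obtains very detailed profiles of its users and knows what they do online.”
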
European data protection provisions as the standard for examining exploitative abuse

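Facebook's terms of service, and the manner and extent to which it collects and uses data, violate European data protection rules to the detriment of users. The Bundeskartellamt cooperated closely with data protection authorities on the personal data protection issues involved.
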
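In the Bundeskartellamt's assessment, Facebook's conduct constitutes above all a so-called exploitative abuse. Companies with a dominant market position should not use exploitative practices to harm the opposite side of the market, which in this case is the consumers who use Facebook. If such conduct also impedes other competitors from accumulating such a treasure trove of data, it likewise constitutes exploitative abuse. This competition-law approach to assessment is not new, but is in line with the established case-law of the Federal Court of Justice, under which not only excessive prices but also inappropriate contractual terms and conditions constitute exploitative abuse (so-called exploitative business terms).
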
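Andreas Mundt said: “Today, data are a decisive factor in competition. In the case of Facebook, data are the essential factor in establishing the company's dominant market position. On the one hand, Facebook provides its service to users free of charge. On the other hand, the attractiveness and value of the advertising space it offers increase with the amount and detail of user data. It is therefore precisely in this area of data collection and data use that Facebook, as a company with a dominant market position, must comply with the rules and laws of Germany and Europe.”
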
The Bundeskartellamt's decision is not yet final. Facebook has one month to appeal to the Düsseldorf Higher Regional Court.

The original page of the press release is shown below:




