Contrary to the previous view of the law, a German member of Facebook can no longer rely on the strict guidelines of German data protection. With the recent decisions of the Higher Administrative Court of Schleswig-Holstein[i] from 22 Apr 2013 the provisional execution of the Independent Centre for Privacy Protection (ICPP) was effectively abolished. The ICPP lost against the well-off Menlo-Park-based Facebook Inc. (USA) and Facebook Ireland Ltd. Thus an anonymous or pseudonymous membership as it is granted by the German Telemedia Act, is no longer available to German Facebook users, per this case law. So the Irish and in the broadest sense European data protection law is valid, even if the real name requirement may be circumvented in practice.

Comparison between international tax law and data protection law

Similar to the intertwined tax optimization methods mostly employed by U.S. companies, many a big player in the IT sector also makes use of the freedom of choice when it comes to data protection law. Quite legally, the company headquarters get registered in exactly that area of jurisdiction where the most liberal options are offered in terms of application of the law. In which European country a Facebook Member is domiciled is ultimately secondary - this applies to both individuals as well as commercial users of Facebook. It is the responsibility of involved political representatives to find a solution that tames the expanding data protection havens with a new European data protection regulation. The Computer Chaos Club is concerned that with a simple matching up of the European data protection regulations, a deterioration in the level of data protection for countries that so far had high standards will occur.

The protection of data is not reversible

But there is a difference to the international tax law. Once a company has transferred the money from a foreign account back to the parent company, the provisional tax remission of the U.S. tax authorities no longer applies. The company is then obligated to pay the difference to the IRS ex post facto. The idea to obligate IT companies ex post facto , to respect the right of the individual user in terms of his informational self-determination, however, is useless. Personal information is not exactly equivalent to monetary resources.

Wasn’t there something else?

Sure, Facebook Germany GmbH with its headquarters in Hamburg. The Higher Administrative Court, however, has been convinced about the internal organizational structure, by corporate lawyers. Accordingly, the entity located on the Rathhausmarkt 5, but actually operated from the Großen Burstah 52, is responsible only for the local ad sales and marketing. On the other hand the Irish branch is the definite operating unit for all users outside the U.S. and Canada - per Facebook Inc. Less likely is that U.S. privacy groups will be impressed by the Irish data protection law in the future.

For German users, it depends on the location of the provider

Furthermore the usual unequal treatment means a competitive advantage for Facebook, or foreign registered companies active in Germany. German companies have to continue to adhere to the national data protection laws, for lack of corporate headquarters in another European country.

However, in another proceeding before the Administrative Court Schleswig, it is still under discussion whether the German data protection law is to be applied at least for Facebook fan page operators located in Germany.