Data & IT Law Monthly February 2016: Data & Pre-contractual Information Duties or Facebook’s non-users tracking

The overview of interesting Data & IT Law articles and news in February 2016!


Europeans may sue US agencies that violate privacy laws

In February, the US Senate had passed the Judicial Redress Act. The act will let Europeans “bring civil actions in the US if agencies there intentionally violate the US Privacy Act when handling personal data, such as making unauthorized disclosures (…) (I)t will also enable Europeans to sue if an agency refuses them the opportunity to review or amend incorrect records.”

The article notes that the act is not a requirement in the negotiations for the new US-EU data agreement. However, it should help to restore trust between both entities. The Act needs to be signed by the President.


The use of data to improve pre-contractual information duties

Christian Twigg-Flesner’s Research Handbook on EU Consumer and Contract Law (2016) includes a work by Christoph Busch from University of Osnabrück. Its name is “The Future of Pre-Contractual Information Duties: From Behavioural Insights to Big Data”.

The author argues, that “a growing body of research from behavioural economics, psychology and neuroscience has questioned the information paradigm that constitutes a hallmark of EU consumer law.”

In the final section of the article, the author “looks at how in the near future a more technological approach to disclosure based on Big Data analytics could lead to a transformation of the information model from standardized to personalized disclosures.”


France and Germany rule against Facebook’s Friend Finder tool or about non-users tracking

The authorities in other European countries had decided cases against Facebook (after a recent case in Belgium – see an article at dataitlaw).

In Germany, the Federal Court of Justice ruled that Facebook‘s Friend Finder tool is unlawful. It held that the feature constitutes advertising harassment. According to the article in, the court noted that Facebook “had not adequately informed members about how it was using their contacts’ data” and concluded that this was a deceptive marketing practice that violated German laws on data protection and unfair trade practices.

In France, the Data protection Authority ordered Facebook to stop tracking the web activity of non-users without their consent in three months. Moreover, in the same period of time, Facebook has to stop transferring personal data to US on the basis of Safe Harbour. According to the article at Business Insider, Facebook “does not use Safe Harbour as a means of moving data to the United States and has set up alternative legal structures to continue its transfers in line with EU law.”


The legal battle to make Apple help FBI to hack iPhone

The situation after San Bernardino December mass shooting led to an interesting case about privacy. The FBI wanted Apple to help them hack an iPhone belonging to one of the killers. Apple refused.

According to the article in Guardian, “(t)he law operates on precedent, so the fundamental question here isn’t whether the FBI gets access to this particular phone,” said Julian Sanchez, a surveillance law expert at the libertarian-leaning Cato Institute in Washington. “It’s whether a catch-all law from 1789 can be used to effectively conscript technology companies into producing hacking tools and spyware for the government.”

The situation might change, when a court ordered Apple to build a software that would allow the FBI to guess the password as many times as necessary. However, Apple argues that firstly it is impossible and secondly, “it will give the government sweeping authority to dictate how Silicon Valley builds products in the future.“

Leave a Reply

Your email address will not be published. Required fields are marked *