The Federation of German Consumers Organisation (vzbv) [advocacy website], was based on the country’s Federal Data Protection Act. According to the Federal Data Protection Act, personal data may only be collected and used with the consent of those involved. Providers are required to provide clear and understandable information about the nature, extent and purpose of the use of the data for the users to make informed choices. However, these requirements were not met by Facebook and users were automatically opted into features. vzbv said that Facebook’s default settings and some of its terms of service were in breach of consumer law by denying consumers of a “meaningful choice”, and that the court found some of the social network’s data consent policies to be invalid. “Facebook hides default settings that are not privacy-friendly in its privacy centre and does not provide sufficient information about it when users register,” said Heiko Duenkel, litigation policy officer at the vzbv. “This does not meet the requirement for informed consent.” Several Facebook’s terms of service, including its authentic name policy and data transmission policies, were illegal, the court said. In total, eight of Facebook’s clauses were found to be illegal. The court also added that having certain default settings in place did not constitute users giving consent to privacy related matters. In a statement issued by vzbv, it said, “In the Facebook app for smartphones, for example, a location service was pre-activated that reveals a user’s location to people they are chatting to. In the privacy settings, ticks were already placed in boxes that allowed search engines to link to the user’s timeline. This meant that anyone could quickly and easily find personal Facebook profiles.” Although the judgement was issued by Berlin Regional Court on January 16, the vzbv publicly posted a copy of the ruling on its website only this Monday. In response to the German ruling, Facebook said it would appeal the ruling. However, in the meantime, Facebook plans to update its data protection guidelines and its terms of service, largely to comply with upcoming GDPR laws. “We are working hard to ensure that our guidelines are clear and easy to understand, and that the services offered by Facebook are in full accordance with the law,” Facebook said.