The Baden-Württemberg state data protection officer Stefan Brink is withdrawing from the short message service Twitter. The news agency dpa said Brink that he would delete his account with around 5,400 followers as of January 31, 2020. Twitter was no longer compatible with his work as a data protection officer, as the service collected user data and processed it into user profiles for advertising purposes. Brink initially announced his decision on December 30, 2019 on Twitter.
The background to this is a decision of the European Court of Justice (ECJ) on Facebook, which has now been applied to German law by the Federal Administrative Court. Accordingly, users of social networks such as Facebook and Twitter also share responsibility for how the data is handled. With their site or their account, they are a kind of door opener for the data collection of the companies.
Abstinence for all authorities and companies?
According to Brink, the abstinence from social networks is not only mandatory for him as data protection officer, "but for all authorities and private companies that use social media". Brink believes that the General Data Protection Regulation does not apply to private individuals. He would therefore speak to authorities, especially ministries, and then to companies this year. These talks could result in "that we may exercise our supervisory powers and order that, for example, authorities leave social media."
Brink now wants to communicate with Internet users via other channels, for example via non-commercial and decentralized networks such as Mastodon. Saying goodbye to Twitter "hurts," said dink's Brink, "but we have to try to build a legitimate alternative."
Hope to give in to Twitter and Facebook
Brink had prepared an impact assessment at the end of 2017 in which he considered the use of Twitter to be unproblematic. At that time, however, the GDPR was not yet valid and the Facebook judgment of the Federal Administrative Court had not yet been made either. In data protection circles, the twittering of his supervisory authority was then considered critical. Federal data protection officer Ulrich Kelber and the French and British data protection supervisory authorities also each have a Twitter account.
The Twitter account of the European Data Protection Board is also viewed critically, as it is currently preparing an opinion on the use of social media with invasive range analysis tools. The supervisory authorities would therefore not have to hold users accountable if the services they use, such as Twitter and Facebook, do not include range analysis tools that are not transparent to users. However, the responsible data protection supervisory authority in Ireland has been refusing to clarify the issue directly with Twitter and Facebook for two years.
The Irish authority is supported in its course above all by the supervisory authorities in small European countries such as Luxembourg or Malta, who want to prevent large states from interfering in their data business markets. Since each authority has one vote in the committee, the small states can outvote large states like France and Germany that want a clear course.
The hope of the German supervisory authorities, who have already clearly positioned themselves on the subject of shared responsibility on Facebook fan pages in recent years, is that Facebook and Twitter will give in and make their service more privacy-friendly as soon as it becomes clear that they are not being used by authorities and companies tolerate.