The OVG Lüneburg decided on January 19, 2021 that the publication of a photo on a fan page on Facebook, on which people can be identified, constitutes processing of personal data that requires legitimation according to data protection regulations.
The OVG Lüneburg has thus confirmed the warning previously issued by the responsible data protection authority.
For the layman, this means that you need a legal basis to publish such photos. The legal basis in data protection law can, for example, be the legitimate interest of the processor of the personal data as the operator of the fan page. The legal basis for the use would then be Art. 6 Para. 1 lit. f GDPR.
This rule is as follows.
The processing is only lawful if at least one of the following conditions is met the processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh them, especially if the person concerned is a child.
The term “legitimate interests” within the meaning of Article 6 (1) (f) GDPR means “the reasonable expectations of the data subject” (see Recital 47 GDPR), i.e. all legal, economic or non-material interests.
In its decision, however, the OVG Lüneburg decided against a legitimate interest of the person responsible: It says in the decision:
If the goal of data processing can also be achieved through the publication of anonymized data, unanonymized publication is not necessary. In the case of a photo published on a fan page on Facebook, on which people can be identified who have not consented to the publication, in the context of balancing interests according to Art. 6 Para. 1 lit. that such a publication is associated with considerable risks due to the existing possibilities of abuse and due to the large reach of such networks.
Have you also received post or a fine from a data protection authority?
We advise you nationwide also at short notice by phone.
About our law firm and our activities:
We, the law firm HvLS Hämmerling von Leitner-Scharfenberg, advise our lawyers and specialist lawyers for IT law (including data protection) as well as TÜV-certified data protection officers and TÜV-certified data protection auditors in all areas of data protection.
- Just call us without obligation.
- Send us an email at [email protected] or [email protected]
- Or use the “send message” function from anwalt.de and send us such a message.
- We will usually get back to you on the same working day. Please provide a callback number.
–
