Today, the Bundeskartellamt presented its final report of the sector inquiry into messenger and video services in Germany. This investigation looked at the technical and legal framework for these digital services with a particular focus on data protection and security.
This final report is based on the survey results with more than 40 messenger and video services, numerous expert interviews and the evaluation of various studies. Previous studies addressed topics such as comparison portals (2019), user ratings (2020), smart TVs (2020) and mobile apps (2021).
The following consumer law deficits were identified:
- There are violations of the GDPR, for example, if data of contacts who are not registered on the respective messenger or video service is also collected when the contact list is synchronized – especially if this is done permanently and even with encrypted phone numbers.
- Personal data of German and European consumers may only be transferred and stored in countries with a level of data protection comparable to the European GDPR. For example, data transfer and storage in the USA is currently illegal and in this regard some services do not act in a legally compliant manner.
- According to the Unfair Competition Act, consumers must be truthfully informed about how the safety of their communications is guaranteed, for example by means of encrypted data, and there are many services with room for improvement.
Andreas Mundt, President of the Bundeskartellamt, said: "Messenger and video services have become an everyday means of communication for most of us. Users are often unaware that the protection of their personal data is not equally guaranteed by all services. The legal regulations and the technical principles of data security are complex, multi-layered and difficult to understand. Clear requirements, education, and more transparency could ensure that the issue of data protection takes on greater significance when consumers decide for or against one messenger service or another. As a result, the incentive for service providers to ensure a high level of data protection would in turn be greater."