Facebook has two weeks to respond before German authorities take legal action. The site could face up to half a million dollars in fines.

This is not the first time that Facebook has been on the wrong side of the law in Germany. Last July, Caspar launched a similar case against Facebook for saving data of people who hadn't even signed up for the social network. Like they're now doing more aggressively with their facial recognition feature, Facebook collected data about non-Facebook users through the Friend Finder feature and then stored it without permission. German authorities threatened legal action then, but it took Facebook nearly six months before they finally disabled the feature. In the meantime, German lawmakers proposed a moratorium on the use of Facebook during the hiring process, and also floated a ban on Facebook parties after 1,600 people showed up at a girl's sweet sixteen after a public Facebook event went viral.

Like we said, privacy has been the theme, here. Cyrus Farivar at Deutsche Welle explains:

Germany has among some of the strictest data protection and privacy laws in the European Union, largely created in the wake of informational abuses perpetrated by the Nazis and the Stasi, the East German secret police. One of the foundational concepts of German data protection law is that no data can be collected without the express consent of the user.

One could imagine that Facebook failing to respond to German officials' allegations could balloon into a damaging conversation about 21st-century surveillance. (Google, by comparison, avoided debate and quickly complied when accused of violating German privacy laws, halting their street view service.) Provoking any comparison to the Nazis or the Stasi would undoubtedly be a PR nightmare for Facebook.

Still, the company doesn't seem to be responding too quickly. "We have repeatedly asked Facebook to shut down the facial recognition function and to delete the previously stored data," said Caspar in a statement Tuesday. Facebook's PR team then told Spiegel Online that they "firmly rejected any accusations that we are not complying with our obligations to European Union data protection laws." Crafty of them to glaze over German law, there.

This article is from the archive of our partner The Wire.

We want to hear what you think about this article. Submit a letter to the editor or write to letters@theatlantic.com.