The Data Protection Officer responsible for the German Government and all its departments has told them that the official German Government page and all department pages need to be removed by the end of the year.
This is based on an EU court decision from 2018. If a business / government runs a Facebook page to communicate with their citizens / customers, they are jointly responsible under GDPR for the processing of the data collected by Facebook. That means that whatever Facebook does with the data collected on that Facebook Page is also the responsibility of the Page “owner”.
As it is not possible to enter into any form of contract with Facebook to enable insight or to define what is and is not allowed on the Page, the Page owner is liable for any illegal activities or data leaks that Facebook is responsible for - E.g. transferring the user data outside the EU (storing it on US servers, for example), sharing that information with third parties or, if Facebook had a programming error or they get hacked and the information is generally released on the Internet, the owner(s) of the Page(s) affected would also be liable to prosecution or private lawsuits for compensation.
(Source: Current issue of c’t magazine, not yet online)