On Tuesday, two European privacy watchdogs rebuked Facebook over the methods the company uses to collect data about its users. French and Dutch officials said that Facebook broke European rules surrounding privacy and data protection. According to the two separate statements, Facebook had collected information about users (and non-users) through third-party sites without their knowledge, and in addition had not provided users with sufficient control over how the information was eventually used by the company. In addition, Facebook must pay a fine of €150,000 (approximately $164,000) to the French regulator, the Commission Nationale de l’Informatique et des Libertés (CNIL). The Dutch privacy authorities have reportedly yet to impose a financial penalty on Facebook, saying that they were satisfied that the company has made changes, although there is still a strong possibility that they may still decide to impose some sanctions.
This investigation has been going on for around two years and had also involved Spanish and German authorities. Europe has very strict privacy laws and regulators have long had concerns over the way Facebook collects and uses data, not just about their users, but also internet users who happen to land on third-party sites. Those authorities have felt that the way that Facebook collected data was unclear, and did not give users enough options to opt out. The Dutch data authority also stated that they had additional concerns that the social networking company was targeting its adverts to users based on sensitive, and very personal information, such as their sexual preferences. From next year, any company who is found to be in breach of privacy regulations in Europe may face extremely stiff penalties under a new law which comes into effect in 2018. The General Data Protection Regulation allows for huge fines to be levied on companies -up to 4% of their annual global revenues – which, for Facebook, would amount to a a significant sum.
A Facebook spokeswoman, Lena Pietsch, reportedly said in a statement that “Facebook has long complied with E.U. data protection law through our establishment in Ireland, we remain open to continuing to discuss these issues with the CNIL.” The company has not yet stated whether it plans to appeal the ruling, although last year, Facebook won an appeal against Belgian authorities who had concerns that Facebook was collecting too much data about its users.