Facebook has been fined the maximum possible amount – €150,000 ($166,000) – by France's data protection watchdog for gathering information on internet users without their permission.
The Commission Nationale de l'Informatique et des Libertés (CNIL) cited the social media giant for six violations, including collecting information on users "without having a legal basis" in order to target them with advertising, as well as tracking people unfairly and not giving users any warning that they were being tracked.
The fine follows a warning from the watchdog last year that Facebook should stop tracking the web activity of non-users of the service without getting their consent, and an order to stop some transfers of personal data back to the US.
CNIL was not mincing words in a statement about the fine: "Facebook proceeded to a massive compilation of personal data of internet users in order to display targeted advertising ... it collected data on the browsing activity of internet users on third-party websites, via the 'datr' cookie, without their knowledge."
Vas t'en to Dublin, Pierre
Facebook, which continues to argue, successfully, that any issues with data protection should go through the Irish watchdog since its European headquarters are in Ireland, was its usual self.
"We take note of the CNIL's decision with which we respectfully disagree," it said in a statement. "At Facebook, putting people in control of their privacy is at the heart of everything we do." And went on, again, about how it has simplified its privacy policies.
Things may be getting worse for the company in Europe, however. The CNIL noted that its fine resulted from a joint investigation with its counterparts in Belgium, Germany, Spain and the Netherlands.
Not only that, but new data protection laws will come into effect in Europe in 2018 and they include the ability to fine a company up to four per cent of its global turnover if it breaches user privacy – something that could result in a billion-dollar fine if Facebook continues with its current approach.
In addition, Facebook is being investigated in the UK over how its subsidiary WhatsApp handles privacy concerns and how it shares data with the mothership.
And a looming headache is coming in the form of a review of the Privacy Shield – which covers data transferred across the Atlantic. Thanks to the actions and statements of President Trump, there is a serious question mark over the legality of that critical agreement, which could further affect Facebook (and just about every other global internet company).
In short, Europe has increasingly decided that it will not continue to allow US-based tech giants to break European law. It is prepared to hit them where it hurts – in the pocket – to force them to comply with data protection laws. ®