Facebook hit with maximum fine for breaking French privacy law

Facebook hit with maximum fine for breaking French privacy law

The French data protection watchdog has imposed its harshest penalty on Facebook for six breaches of French privacy law.

The breaches include tracking users across websites other than Facebook.com without their knowledge, and compiling a massive database of personal information in order to target advertising.

The French National Commission on Computing and Liberty (CNIL) began its investigation of Facebook and its European subsidiary, Facebook ireland, after the company made changes to its terms and conditions outlining the practices in January 2015.

CNIL wasn't the only organization concerned by Facebook's changes: data protection authorities in Belgium, the Netherlands, Spain and Hamburg, Germany also began investigations around the same time.

After a year's digging, including visits to Facebook offices, CNIL sent the company a formal notice giving it three months to comply with the French Data Protection Act. Facebook asked for, and was granted, an extension, in order to respond.

Facebook's response, when it eventually came, did not satisfy CNIL, which has now decided to impose a fine -- the largest it can under French law -- of €150,000 (US$166,000).

That might be enough to persuade smaller businesses to change their behavior, but for Facebook it's just 25 minutes' profit, based on last year's financial results.

In future, though, similar infringements could result in much stiffer penalties. Today, businesses operating across the European Union must deal with privacy laws on a country-by-country basis, answering to each of the national regulators, few of which are able to impose dissuasive fines.

From May 25, 2018, though, the General Data Protection Regulation (GDPR) will introduce a single set of privacy rules across the EU's 28 member states, and raise the fines to €20 million ($22 million) or 4 percent of worldwide revenue.

Companies wishing to avoid the same fate should avoid the faux pas for which Facebook was fined:

- Combining all the information it has on account holders to display targeted advertising without a legal justification for the process: While users may control the display of targeted advertising, they cannot opt out of the data collection and combination behind it, CNIL noted;
- Tracking internet users via the “datr,” cookie planted by third-party sites using a Facebook plug-in, without giving clear and precise information about the tracking;
- Not providing clear information to internet users signing up for the service about their rights and the use that will be made of their data;
- Collecting sensitive personal information without explicit consent;
- Preventing users from blocking the storage of cookies on their phones and computers, and
- Storing, without good reason, all the IP addresses from which users have ever accessed their account.

IDG Insider

PREVIOUS ARTICLE

«Microsoft, Amazon go after enterprises with new SAP cloud offerings

NEXT ARTICLE

Visual Studio may gain AI smarts around available code»

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should we donate our health data the same way we donate organs?