Facebook hit with fine by French data watchdog over ad privacy failures
Facebook is being forced to shell out €150,000 to France's data protection regulator for failing to prevent its users' data being accessed by advertisers.
CNIL, the French data regulator, said the fine — which has been imposed on both Facebook and Facebook Ireland — was down to the fact the social network had collected and compiled user data "without having a legal basis" and "without obtaining their explicit consent."
Facebook hit with fine by French data watchdog over ad privacy breach
It claimed that Facebook was able to track websites individuals were visiting when they left Facebook's walls, and that this practice was unclear to the users themselves.
In a statement emailed to Reuters, Facebook said: "We take note of the CNIL’s decision with which we respectfully disagree."
The latest marketing news and insights straight to your inbox.
Get the best of The Drum by choosing from a series of great email briefings, whether that’s daily news, weekly recaps or deep dives into media or creativity.Sign up
A spokesperson added: "At Facebook, putting people in control of their privacy is at the heart of everything we do. Over recent years, we've simplified our policies further to help people understand how we use information to make Facebook better."
In a separate ruling also published today by the Dutch Data Protection Authority (DPA), officials claimed Facebook had targeted ads to users based on sensitive subjects such as their sexual preference. Unlike the French watchdog, however, it did not fine the company, saying the social network had made changes to be more transparent. Although, it did caution that it could still impose sanctions down the line.
The fine, and the slap on the wrist from the Dutch authorities, mark the latest struggle in the region for Mark Zuckerberg's company, with it having previously come under fire from European officials for its use of personal data.
The news comes 12 months ahead of new EU-wide privacy rules which formalise concepts like the ‘right to be forgotten’, data breach accountability, data portability and more. Dubbed the EU General Data Protection Regulation (GDPR), the legistlation will come into effect next May.