Facebook fined 1.2 million euros for breaking privacy laws by Spanish data watchdog
Facebook has been slapped with a fine of 1.2 million euros ($1.44 million) for failing to protect its usersโ data from being allegedly used for promotion by advertisers on three instances, announced the Spainโs data protection agency (AEPD) on Monday.
According to the Spanish Data Protection Agency, the social networking giant collected personal information from its users in Spain without obtaining their “unequivocal consent” and without letting them know how such information would be used.
“Facebook collects data on ideology, sex, religious beliefs, personal tastes or navigation without clearly informing about the use and purpose that it will give them,” the statement said.
The privacy policy of Facebook “contains generic and unclear terms” and it “does not adequately collect the consent of either its users or nonusers, which constitutes a serious infringement” of data protection rules, said the watchdog.
The agency said it also found evidence that Facebook stored information of deleted accounts.
โWhen a social network user has deleted his account and requests the deletion of the information, Facebook still keeps the information for more than 17 months, through a deleted account cookie,โ it added. โTherefore, the personal data of the users is not cancelled in full when it is no longer useful for the purpose for which it was collected, nor when the user explicitly requests its removal.โ
Since it doesnโt, the AEPD found two โseriousโ violations and one โvery seriousโ violation of the countryโs Organic Law on Data Protection (LOPD), for which it fined the social network 300,000 euros for each of the first and 600,000 euros for the second respectively.
It concluded that the average Facebook user is unaware of how the social network collects, stores and uses their data on third-party websites.
The AEPD said it worked on the investigation into the social network company in co-ordination with the data protection authorities of other European countries such as Belgium, France, Germany and the Netherlands.
The company that posted advertising revenues of $9.2 billion in the second quarter that came mainly from mobile video ad sales, for them the 1.2-million-euro fine is too a trivial amount to get worried about.
When Facebook was contacted on the matter regarding the fine by TNW, it responded by saying that โWe take note of the DPAโs decision with which we respectfully disagree. Whilst we value the opportunities weโve had to engage with the DPA to reinforce how seriously we take the privacy of people who use Facebook, we intend to appeal this decision.
โAs we made clear to the DPA, users choose which information they want to add to their profile and share with others, such as their religion. However, we do not use this information to target adverts to people.โ
โFacebook has long complied with EU data protection law through our establishment in Ireland. We remain open to continuing to discuss these issues with the DPA, whilst we work with our lead regulator the Irish Data Protection Commissioner as we prepare for the EUโs new data protection regulation in 2018.โ
Earlier this year, Facebook was fined $122 million in fine by the European Commission for providing “incorrect or misleading” information during its purchase of WhatsApp in 2014.