Facebook has been slapped with a fine of 1.2 million euros ($1.44 million) for failing to protect its users’ data from being allegedly used for promotion by advertisers on three instances, announced the Spain’s data protection agency (AEPD) on Monday.
According to the Spanish Data Protection Agency, the social networking giant collected personal information from its users in Spain without obtaining their “unequivocal consent” and without letting them know how such information would be used.
“Facebook collects data on ideology, sex, religious beliefs, personal tastes or navigation without clearly informing about the use and purpose that it will give them,” the statement said.
The agency said it also found evidence that Facebook stored information of deleted accounts.
“When a social network user has deleted his account and requests the deletion of the information, Facebook still keeps the information for more than 17 months, through a deleted account cookie,” it added. “Therefore, the personal data of the users is not cancelled in full when it is no longer useful for the purpose for which it was collected, nor when the user explicitly requests its removal.”
Since it doesn’t, the AEPD found two “serious” violations and one “very serious” violation of the country’s Organic Law on Data Protection (LOPD), for which it fined the social network 300,000 euros for each of the first and 600,000 euros for the second respectively.
It concluded that the average Facebook user is unaware of how the social network collects, stores and uses their data on third-party websites.
The AEPD said it worked on the investigation into the social network company in co-ordination with the data protection authorities of other European countries such as Belgium, France, Germany and the Netherlands.
The company that posted advertising revenues of $9.2 billion in the second quarter that came mainly from mobile video ad sales, for them the 1.2-million-euro fine is too a trivial amount to get worried about.
When Facebook was contacted on the matter regarding the fine by TNW, it responded by saying that “We take note of the DPA’s decision with which we respectfully disagree. Whilst we value the opportunities we’ve had to engage with the DPA to reinforce how seriously we take the privacy of people who use Facebook, we intend to appeal this decision.
“As we made clear to the DPA, users choose which information they want to add to their profile and share with others, such as their religion. However, we do not use this information to target adverts to people.”
“Facebook has long complied with EU data protection law through our establishment in Ireland. We remain open to continuing to discuss these issues with the DPA, whilst we work with our lead regulator the Irish Data Protection Commissioner as we prepare for the EU’s new data protection regulation in 2018.”
Earlier this year, Facebook was fined $122 million in fine by the European Commission for providing “incorrect or misleading” information during its purchase of WhatsApp in 2014.