Facebook disagrees with the CNIL ruling / Press Association

The social network has been under investigation in the Netherlands and France

Facebook has been found to have violated data privacy rules in France and the Netherlands. 

The company has been fined €150,000 by France’s privacy watchdog, the maximum amount permitted by French law when the investigation started in 2014.

The Commission Nationale de l’Informatique et des Libertés (CNIL) described the social network’s tracking practices as “unfair”, and concluded that it was not acting in compliance with the French Data Protection Act.

“The investigations conducted by the CNIL have revealed several failures,” it revealed in a statement. “In particular it has been observed that FACEBOOK proceeded to a massive compilation of personal data of Internet users in order to display targeted advertising. 

“It has also been noticed that FACEBOOK collected data on browsing activity of internet users on third-party websites, via the “datr” cookie, without their knowledge.”

The CNIL announcement also referenced similar investigations into Facebook’s activities in the Netherlands, Belgium, Spain and the German city of Hamburg.

The investigation in the Netherlands hasn’t resulted in a fine for Facebook, but the Dutch Data Protection Authority (DPA) says it may “issue a sanction” if the company continues to violate privacy laws in the country.

“The company breaches Dutch data protection law including by giving users insufficient information about the use of their personal data,” it announced. 

“The Dutch DPA has also found that the Facebook Group uses sensitive personal data from users without their explicit consent. For example, data relating to sexual preferences were used to show targeted advertisements.”

Facebook has now stopped that practice, says the DPA, but it's still assessing whether the company's other violations have stopped.

Last year, France’s CNIL gave Facebook three months to stop tracking the online activities of non-users without their consent.

Its investigation has found that Facebook did not “provide direct information to internet users concerning their rights and the use that will be made of their data”, did not “allow users to validly oppose to cookies placed on their terminal equipment” and did not “demonstrate the need to retain the entirety of IP addresses of users all along the life of their account”.

Facebook disagrees with the CNIL ruling.

“We take note of the CNIL’s decision with which we respectfully disagree,” a Facebook spokesperson told Reuters.

“At Facebook, putting people in control of their privacy is at the heart of everything we do. Over recent years, we've simplified our policies further to help people understand how we use information to make Facebook better.”