|By Kramer Phillips | 3 years ago|
A Spanish government agency hit Facebook with a €1.2M (approximately $1.4 million) fine for privacy violations related to its data-harvesting activities. The agency, the Spanish Agency for Data Protection (AEPD), said that Facebook had broken the rules by collecting users’ personal data and disseminating it to advertisers without the users’ express consent.
Facebook’s data collections compile information on users’ political and religious beliefs, sex, personal tastes, and Webpage visits, all without “clearly informing the user about the use and purpose,” the AEPD said in a statement.
The agency also objected to Facebook’s use of web-browsing cookies, which can continue to track users when they close out and visit non-Facebook Web pages. Additionally, the agency faulted Facebook for not deleting harvested data once it was done using it. The agency concluded that Facebook’s activities violate three Spanish data-privacy laws.
Facebook said in a statement that it plans to appeal AEPD’s ruling. Its statement asserted that Facebook data practices are in keeping with data-privacy laws in Ireland, where its EU headquarters is located. The headquarters’ Ireland location means that Irish law, not Spanish law, is the legal framework to which Facebook is subject, the statement said.
“Facebook has long complied with EU data protection law through our establishment in Ireland. We remain open to continuing to discuss these issues,” the statement read.
The verdict is the latest of several fines that European governments have levied against the social-networking giant this year. And more friction between Facebook and European regulators may be yet to come. EU agencies are enacting stricter data-protection rules as part of a new GDPR regulatory framework that goes into effect in May. The new regulations expand the amounts of personal data subject to protection and will impose fines as high as 4% of the guilty companies’ entire global revenue.