Spain is the latest European country to challenge Facebook on its compliance with national privacy laws. The Spanish data protection agency (AEDP in Spanish) issued a €1.2 million fine in early September citing three separate incidents, one ‘serious’ and two ‘moderate’. Among the alleged violations Facebook failed to disclose how it would use data collected on millions of Spanish users, as well as gathering data on non-users who visited Facebook’s pages and storing information on deleted accounts for more than 17 months.
Other Problems in Europe
The social media giant is facing numerous investigations and fines throughout Europe. The EU issued a €110 million penalty in May of this year citing privacy violations that took place during Facebook’s takeover of WhatsApp, especially false assertions that the texting app would not be joined to the company’s vast social media network. France also fined Facebook €150 million this year, while Belgium threatened a €250 million daily penalty last year if the company didn’t stop tracking users. Germany and the Netherlands have also cited Facebook’s privacy protection policies.
Facebook Continues to Challenge National Authority
Facebook continues to challenge regulations imposed by national data protection agencies, claiming that, with its European headquarters located in Ireland, all European activity falls under the jurisdiction of the Irish Data Protection Commissioner. This defence proved successful with the Brussels Appeals Court in 2016, allowing Facebook to dodge the Belgium Privacy Commission’s fine mentioned earlier.
Facebook is also contesting the Spanish fine, claiming that personal profile information is added voluntarily and not used for advertising. In a public statement, Facebook asserted that it has ‘long complied with EU data protection law’ and highlighted that the Irish Data Protection Commissioner was its ‘lead regulator’. The company also claims to be preparing for the new GDPR which will become applicable throughout Europe in May 2018.
If anything, Facebook’s conflict with the EU’s various data protection authorities highlights the importance of the new, universal protections contained in the GDPR. Without a central policy, it’s difficult for individual agencies to enforce data protection and privacy standards and in Facebook’s defence, it’s much more challenging for a large international company to comply with laws that vary from country to country. With the new regulations in place, hopefully data regulation agencies will be able to successfully challenge privacy violations and keep their citizens’ information more secure.
If you are concerned about your privacy, or are unsure what information Facebook and other social media networks may be collecting, contact Reputation Defender. Our personal and professional privacy services will help identify vulnerabilities and keep your personal information secure.