Facebook gets France's maximum fine for privacy violations

[LUXEMBOURG] Facebook Inc was slapped with France's maximum privacy fine of 150,000 euros (S$230,081) and warned of further penalties from other European regulators over how it targets advertising and tracks users.

French and Dutch data protection authorities ruled that Facebook violated national laws on how they handle user data. France's CNIL said Facebook isn't allowed to combine user data to display targeted advertising and engages in "illegal tracking" by using cookies to watch what users do on and off the site.

The Netherlands' authority said Facebook has now agreed to stop using people's sexual preferences to show targeted ads - and that it may face further sanctions if it doesn't address other privacy issues. Spain, Belgium and the German city of Hamburg are also scrutinising the company which now faces two Spanish probes and lawsuits in Germany and Belgium.

Facebook's troubles in Europe are building as it faces both EU and German antitrust investigations, adding to privacy probes across the 28-nation bloc. Facebook's move to merge data from the WhatsApp messaging service with its own alarmed regulators last year, triggering probes and a pledge from Facebook to stop processing UK data during an investigation there.

"While we respectfully disagree with the CNIL's findings, we value the opportunities we've had to engage with the CNIL and reinforce how seriously we take the privacy of people who use Facebook," the company said in an emailed statement. "We are pleased the CNIL has narrowed the scope of their inquiry based on information we've provided throughout the process."

On the Dutch probe, the company said it is also at odds with the regulator's findings.

"While we have long been compliant with European data protection law and we disagree with the AP's findings, we are pleased we have been able to resolve some of their concerns," Facebook said. "We will review the report and remain open to discussing these issues" with the Dutch authority.

The European privacy watchdogs said Facebook argued that only Irish data-protection law applies because it is based there and only the Irish data protection authority could supervise how it handles data. The other European agencies rejected that, ruling that their national law applies since Facebook has offices across the bloc.

While European watchdogs' fining powers remain minimal - in some cases even nonexistent - new EU-wide rules will take effect in May 2018 that could boost sanctions by any of the bloc's national regulators to as much as 4 per cent of a company's annual sales.

BLOOMBERG