Published On: Tue, Feb 9th, 2016

Facebook Ordered To Stop Tracking Non-Users In France

Yet some-more remoteness problems for Facebook in Europe. Now a French information insurance authority, a CNIL, has released a association with a grave notice to get a residence in sequence and approve with European data insurance law or face probable mention to a CNIL’s name cabinet that could afterwards select to pursue a permit opposite a company.

Facebook has been given 3 months to make a changes deemed required by a CNIL. If it does so to a DPA’s compensation it will not face any sanctions, a DPA said yesterday.

TechCrunch understands Facebook is in a routine of reviewing a sequence from a CNIL. A orator supposing a following matter per a action: “We are assured that we approve with European Data Protection law and demeanour brazen to enchanting with a CNIL to respond to their concerns.”

Those concerns are multiple, and were unearthed by an review triggered after Facebook nice a remoteness process in tumble 2014. Specifically, a CNIL is unfortunate that Facebook collects a browsing activity of Internet users who do not have a Facebook account.

“Indeed,” a CNIL notice reads, “the association does not surprise Internet users that it sets a cookie on their depot when they revisit a Facebook public page (e.g. page of a open eventuality or of a friend). This cookie transmits to Facebook information relating to third-party websites charity Facebook plug-ins (e.g. Like button) that are visited by Internet users.”

It also records that Facebook collects user information concerning passionate orientation, religious and domestic views “without a pithy agree of comment holders”. Nor does it inform users on a pointer adult form “with courtesy to their rights and a estimate of their personal data”.

Advertising cookies are also set by Facebook “without scrupulously informing and receiving a agree of Internet users”, a CNIL asserts, observant that users are not offering any collection to forestall the compilation of info for targeted advertising — which it says “thereby violates their elemental rights and interests, including their right to honour for private life”.

Perhaps many surprisingly, Facebook also stands indicted of stability to use the now bootleg Safe Harbor information send mechanism, that was invalidated by a European Court of Justice final October — so a full 4 months ago.

And nonetheless Europe and a US have apparently concluded a new understanding (called a EU-US Privacy Shield), this has nonetheless to come into force, so can't nonetheless be relied adult on by companies wanting to legalize information transfers opposite a Atlantic. And, last week the conduct of a CNIL, who also heads adult a WP29 organisation of European DPAs, reiterated that Safe Harbor is not an choice — stressing that companies stability to use a invalidated framework are “in an bootleg situation” and could face sanctions from DPAs.

Alternative information send methods were minute by a European Commission final fall, after a Safe Harbor strikedown, so it’s rather startling that Facebook has apparently not switched to regulating one of these alternatives to oversee a Europe to US information transfers. We’ve asked Facebook about this indicate and will refurbish this story with any response.

Update: Facebook claims it is not in fact regulating Safe Harbor to send information — indicating to before comments it done final year, in that it said: “Facebook, like many thousands of European companies, relies on a series of a methods prescribed by EU law to legally send information to a US from Europe, aside from Safe Harbor.”

The CNIL goes on to add that it has done a grave notice opposite Facebook open due to “the earnest of a violations and a series of people endangered by a Facebook service” — observant a site has some-more than 30 million users in France.

Its action follows a lawsuit brought opposite Facebook by a Belgian information insurance management final summer, that was also concerned with how it tracks non-users. The Belgian authorised movement led to a hazard of daily fines for Facebook if it did not rectify a operation of a tracking cookies — that it subsequently did, switching to requiring users to record in to perspective pages on a site.

As good as investigations by a French and Belgian DPAs, Facebook is also being probed by Spanish, Dutch and German (Hamburg) information insurance authorities. This operative organisation of 5 DPAs was set adult in Mar 2015 categorically to examine a new remoteness policy.

The CNIL records that investigations by all a particular DPAs are “ongoing during a inhabitant turn and within an general executive team-work framework”. So Facebook’s problems in Europe compared with a nice remoteness process demeanour to be far from over.

The new EU-US Privacy Shield is also during slightest dual months out from being authorized by a WP29, so there’s no discerning repair for companies wanting to legalize transatlantic data transfers (although there are a operation of choice mechanisms that can be used, such as customary contractual clauses and indication contracts).

Featured Image: Promesa Art Studio/Shutterstock

About the Author

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>