Facebook Inc. agreed under Dutch pressure to stop targeting ads based on users’ sexual orientation as European regulators revealed a concerted clampdown on some of the social network’s data practices. The Dutch privacy authority said on Tuesday that Facebook has now put an end to methods that breached national law.
France’s data regulator, CNIL, ordered the company to pay a maximum privacy fine of 150,000 euros ($166,000) for combining user data to display targeted advertising and “illegal tracking” via cookies of what users do on and off the site.
“Consumers are unaware how Facebook is using very personal information such as their sexual preferences to send them targeted ads,” said Agustin Reyna, the head of European consumer group BEUC’s digital rights team. “This is unacceptable.
This issue affects consumers across the EU and we need a clear European response.” Facebook’s troubles in Europe are building as it faces both EU and German antitrust investigations, adding to privacy probes across the 28-nation bloc. Facebook’s move to merge data from the WhatsApp messaging service with its own alarmed regulators last year, triggering probes and a pledge from Facebook to stop processing UK data during an investigation there.
The Dutch data-protection authority warned that Facebook may face further sanctions if it doesn’t address other privacy issues. Facebook faces two probes in Spain, and lawsuits in Germany, and Belgium. “While we have long been compliant with European data protection law and we disagree” with the Dutch authority’s findings, “we are pleased we have been able to resolve some of their concerns,” Facebook said. “We will review the report and remain open to discussing these issues.”
Facebook said it is also at odds with the French regulator’s findings. “While we respectfully disagree with the CNIL’s findings, we value the opportunities we’ve had to engage with the CNIL and reinforce how seriously we take the privacy of people who use Facebook,” the company said in an emailed statement. “We are pleased the CNIL has narrowed the scope of their inquiry based on information we’ve provided throughout the process.”
The European privacy watchdogs said Facebook argued that only Irish data-protection law applies because it is based there and only the Irish data protection authority could supervise how it handles data. The other European agencies rejected that, ruling that their national law applies since Facebook has offices across the bloc.
While European watchdogs’ fining powers remain minimal — in some cases even nonexistent — new EU-wide rules will take effect in May 2018 that could boost sanctions by any of the bloc’s national regulators to as much as 4 percent of a company’s annual sales.