Facebook Fined for €1.2 Million by Spanish Regulators for Privacy Infringement


Published Date : Sep 12, 2017

The Spanish Data Protection Agency (AEPD) has issued a US$1.4 million fine against Facebook for accumulating possibly sensitive personal information from its users. The AEPD regulators had conducted an investigation about how the social networking company uses, stores, and collects information from users for advertising reasons. It was found that the company had not acquired passable consent from its users throughout the entire process. According to AEPD, the company had centrally breached data protection law in three ways, where two instances have been considered “very serious” and another “serious.” The regulatory body has said that the company had collected information while keeping users unclear about the use and purpose.

More Heavy Fines Out of European Union Expected Soon

The AEPD has discovered that Facebook had been collecting information about the personal interests, religious beliefs, sex, and ideologies of its users. In some cases, the information had been collected directly by the company while in other cases, through third-party services. Another issue with the company has been the uninformed collection of user information and activity through its web browsing cookies when using non-Facebook websites carrying a Like button.

Under the Spanish data protection law, express consent is a must to collect sensitive information. In this regard, Facebook was fined a US$720,000 for the very serious violation and a US$360,000 (two fines collectively) for the serious violations. However, the social networking company has rejected the regulatory body’s plans to appeal the fines and also its findings.

Earlier in 2017, the company had been fined a US$122.5 million by the European Commission for offering misleading data in its filing for its 2014 acquisition of WhatsApp. Germany had publicized its plans to investigate the company for supposedly “extorting” users. More fines could be on the way for the company as other European nations such as the Netherlands, France, and Belgium have already conducted their own investigations into the company’s data collection practices.