Facebook has been fined €150,000 ($166,400) by France’s privacy watchdog for violating the country’s data protection rules. In a statement released Tuesday, the Commission Nationale de l’Informatique et des Libertés (CNIL) said Facebook has failed to properly inform users of how their personal data is tracked and shared with advertisers, though it stopped short of ordering the company to change its practices.
Last year, the CNIL gave Facebook three months to stop tracking the online activity of non-users, and ordered the company to halt data transfers to the US after the trans-Atlantic Safe Harbor pact was invalidated amid privacy concerns. A new data transfer agreement, the EU-US Privacy Shield, went into effect in July 2016, though it may still face legal challenges.
In its decision Tuesday, the CNIL said that Facebook has continued to “collect sensitive data of the users without obtaining their explicit consent,” and that it used cookies to track activity on third-party sites without providing “clear and precise information” to users. The watchdog also said the company did “not demonstrate the need” to retain user IP addresses “all along the life of their account.”
Facebook has argued that its privacy policies are in line with European law, and has previously said that it should be subject to rulings from Ireland’s data protection authority, since its European headquarters are in Dublin. The company has not said whether it will appeal the CNIL’s decision.
“We take note of the CNIL’s decision with which we respectfully disagree,” a Facebook spokesperson said in a statement to Reuters. “At Facebook, putting people in control of their privacy is at the heart of everything we do. Over recent years, we’ve simplified our policies further to help people understand how we use information to make Facebook better.”
The €150,000 fine handed down by the CNIL is the maximum that was allowed at the time its investigation began, though the watchdog can now issue fines of up to €3 million under a law passed last year. European regulations set to go into effect in 2018 will allow privacy regulators to fine companies up to 4 percent of their global turnover. Facebook earned $27.6 billion in revenue last year.