Facebook Inc. (NASDAQ:FB) was fined 150,000 euros ($166,000) by French regulators this week for privacy breaches related to its business practices. French data protection authorities determined that Facebook had violated national laws on the dissemination of user data.
The 150,000 euro fine is not a big hit to the company, which has quarterly revenue of about $8 billion. However, the amount was France’s maximum privacy fine at the time the case began. The CNIL can now issue fines of up to 3 million euros, after the passing of a new law in October 2016.
According to France’s CNIL, Facebook is prohibited from combining user data to display targeted advertising. CNIL also claims that Facebook engages in “illegal tracking” by using cookies to watch what users do on and off the site. The French watchdog correspondingly ordered the social network to stop some transfers of personal data to the United States.
An EU court ruling last year struck down an agreement that thousands of companies, including Facebook, relied on to avoid onerous EU data transfer rules. The transatlantic Safe Harbour pact was ruled illegal over concerns of mass U.S. government spying. EU data protection authorities gave companies three months to set up alternative arrangements for transferring data that would not violate the law.
Facebook argued that only Irish data-protection law applies because it is based there. The company also claimed that only the Irish data protection authority could supervise how it handles data. The other European agencies rejected that argument, ruling that national law applies since Facebook has offices across the bloc.
Facebook said in an emailed statement “While we respectfully disagree with the CNIL’s findings, we value the opportunities we’ve had to engage with the CNIL and reinforce how seriously we take the privacy of people who use Facebook.” The company did not say in its statement whether it would take action as a result of the fine.
Facebook’s move last year to merge data from the WhatsApp messaging service with its own triggered probes across the 28-nation bloc. The company was warned of further penalties from other European regulators over how it targets advertising and tracks users. The new EU data protection law, set to become enforceable in 2018, lets companies be fined up to 4 percent of their global turnover for violating the new regulation.
Facebook faces both EU and German antitrust investigations. The company also faces two Spanish investigations and lawsuits in Germany and Belgium. In the Netherlands, Facebook has now agreed to stop using people’s sexual preferences to show targeted ads.