France’s data protection agency says it has fined Facebook for collecting information on users without their knowledge, following a probe of the social network in cooperation with other European regulators.
The CNIL agency said it had slapped a penalty of 150,000 euros ($160,000) on Facebook Inc and Facebook Ireland, for “several breaches of the French Data Protection Act”, the maximum fine in such cases.
Following a two-year investigation, CNIL said Facebook had built up “a massive compilation of personal data of internet users in order to display targeted advertising”.
The American internet giant had also “collected data on browsing activity of internet users on third-party websites, via the ‘datr’ cookie, without their knowledge”, the agency said. This was “unfair tracking”, it said.
The French action is part of a Europe-wide approach, CNIL said, with Belgium, the Netherlands, Spain and the German city state of Hamburg also investigating and working with France.
Facebook had been put on notice twice to comply with French law, but provided “unsatisfactory responses”, CNIL said.
Facebook has some 33 million users in France.
Facebook said in a statement to AFP that it “respectfully” disagreed with the ruling and that it complied with European data protection laws.
The company now has four months to file an appeal with the Conseil d’Etat, France’s highest administrative court. It did not say whether it will.
Last year the CNIL slapped a 100,000-euro fine on Google, another US internet giant, for failing to delist user information from all of its search engine extensions at the request of users.
Google appealed and the case is ongoing.