CNIL Gives Facebook Three Months To Comply With Privacy Order

by Jedidiah Bracy, International Association of Privacy Professionals

facebook-privacy-sm3As much of the privacy and technology world awaits the fate of the newly proposed EU-U.S. Privacy Shield, the clock is now ticking for Facebook to comply with France’s Data Protection Act. On Monday, after a multi-pronged investigation, French data protection authority CNIL sent a formal notice to the social networking giant that it was violating the nation’s privacy law and now has three months to get into compliance.

The investigation was triggered by Facebook’s March 2015 privacy policy update. The change received the attention of several EU-based DPAs, including the CNIL, Belgium, the Netherlands, Spain, and Hamburg, Germany.

At issue is Facebook’s tracking of non-users through cookies placed on third-party websites and on public-facing Facebook pages. In total, the CNIL detailed five alleged violations of the Data Protection Act in Monday’s advisory, including the collection of non-user data, collecting information about sexual orientation and political and religious views without users’ explicit consent, the setting of cookies without notice or consent of Internet users, the lack of tools for users who do not want to be profiled for advertising purposes, and that personal data is transferred to the U.S. under Safe Harbor.

The CNIL also issued a more detailed formal notice with additional requirements.

Continue reading on International Association of Privacy Professionals website »

Tags: , , ,