The Chair of the French data protection authority ‘Commission Nationale de l’Informatique et des Libertés’ (CNiL) has issued Facebook with a formal notice giving it 3 months to stop tracking non-members of the social network in France. The CNiL has also asked Facebook to stop the transfer of some personal data to the U.S. If Facebook does not comply with the CNiL’s requests, it could face sanctions.
What’s The Problem?
The problem has arisen because the CNiL believes that Facebook is not currently complying with the French Data Protection Act (DPA) due to a number of alleged activities that the CNiL have outlined in a post on their website. The areas where the CNiL state that Facebook is not complying with the French DPA include:
- Collecting, without prior information, data concerning the browsing activity of Internet users who do not have a Facebook account. N.B. Facebook currently tracks all visitors to the website by using cookies known as datr.
- Collecting data concerning the sexual orientation and the religious and political views of account holders without their explicit consent.
- The website setting cookies that have an advertising purpose without properly informing and obtaining the consent of Internet users.
- Compiling information on account holders to display targeted advertising and not providing tools for account holders to prevent such compilation.
- Transferring personal data to the U.S. on the basis of ‘Safe Harbor’, although the Court of Justice of the European Union declared such transfers invalid in its ruling of October 6, 2015.
The CNiL have stated on their website that the reason why the formal notice to Facebook has been made public is “due to the seriousness of the violations and the number of individuals concerned by the Facebook service (more than 30 million users in France).”
Last year Facebook made changes to the way the site is viewed in Belgium after a similar order from the Belgian Privacy Commissioner.
The new deal to replace ‘Safe Harbor’, called the “EU-US Privacy Shield”, has not yet come into force, and therefore it cannot be used to form the basis of an argument by companies wanting to legalize data transfers across the Atlantic. Facebook, however, is reported as saying that it is not using Safe Harbor.
In Reply So Far
In reply to the CNiL requests, Facebook is reported to have said that it is looking forward to engaging with the CNiL to respond to the concerns raised.