French regulator fines Facebook for violating user privacy

In May 2017, the French data protection regular, CNIL, fined Facebook €150,000 saying the company had failed to inform users properly about how their personal data is tracked and shared with advertisers. The regulator did not, however, order the company to change its practices. The decision was one of a series of European regulatory examinations of changes made to Facebook's privacy policy in 2014. CNIL's action followed rulings in 2016, when CNIL gave Facebook three months to stop tracking non-users' online activity and ordered the company to stop data transfers to the US after the Safe Harbor agreement was overturned in the European Court of Justice. 

In the 2017 decision, CNIL complained that Facebook had continued to collect sensitive user data without explicit consent, used cookies to track activity on third-party sites without explaining clearly to users, and had not demonstrated the need to retain user IP addresses for the life of their accounts. The €150,000 fine was the maximum sanction available to CNIL at the time.
tags: Facebook, tracking, consent, cookies, fines, regulatory actions, CNIL, France, social media
Writer: Amar Toor
Publication: The Verge