Spanish data protection regulator has issued a €1.2 M ($1.4M) fine against the social media giant for a series of violations regarding its data harvesting activities.
Spain’s AEPD said that an investigation into how Facebook collects, stores, and uses data for advertising purposes, found that it is doing so without obtaining adequate user consent.
It says it identified two serious infringements and one very serious infringement of data protection law — with the total sanction breaking down to €300,000 for each of the first breaches and €600,000 for the second.
The regulator found that Facebook collects data on ideology, sex, religious beliefs, personal tastes, and navigation — either directly, through users’ use of its services, or from third-party pages — without, in its judgment, “clearly informing the user about the use and purpose.”
Elegant Themes - The most popular WordPress theme in the world and the ultimate WordPress Page Builder. Get a 30-day money-back guarantee. Get it for Free
Not obtaining the express consent of users to process sensitive personal data is classified as a very serious offense under local DP law.
The regulator is also unhappy that Facebook does not delete harvested data once it has finished using it.
One of the spokespeople of Facebook told us that the company intends to appeal the decision while also noting that its European business is (currently) regulated under Irish data protection rules, where its EU HQ is sited.