The size of the fine is comparatively small for Facebook, which brought in $27.6 billion in revenue last year--almost all of which came from advertising. More important, however, the watchdog's decision could force changes to the way the company operates.
Continue Reading Below
France's Commission Nationale de l'Informatique et des Libertés, or CNIL, accused Facebook of compiling massive amounts of personal data for targeted advertising without granting users the option of objecting, the watchdog said. The regulator also accused Facebook of collecting data on users' browsing activity on third-party websites without their knowledge.
"We are disappointed with today's news and respectfully disagree with the CNIL's findings," said a Facebook spokesman, adding they were pleased, however, that the watchdog had narrowed the scope of its investigation based on information the company provided. France first sent Facebook a formal notice about its concerns in January 2016 and held a hearing about the issue in March 2017, before deciding to impose the fine.
At issue in the regulator's allegations of web tracking is the use of a cookie, known as a "datr" cookie.
Facebook has previously acknowledged that it does collect data on users' internet browsing even when they aren't logged in, through a snippet of computer code called a cookie that it places within an individual's web browser if they have visited the Facebook.com website. That "datr" cookie reports back to Facebook whenever that browser accesses a webpage with an active social plug-in, such as a "like" button.
Facebook has contended that the process is necessary for security purposes to protect people from spam, malware and other attacks. The company uses the information from that cookie only to weed out browsers being piloted by a machine rather than a human, and discards the browsing data after 10 days, Facebook has said.
But the French watchdog said Facebook's explanations to users didn't allow them to understand that their data was being collected as soon as they navigate to a third-party website.
"The massive data collection carried out via the "datr" cookie, is unfair due to the lack of clear and precise information," the CNIL said.
Facebook, along with other U.S. tech giants, is battling a broadside of other legal and regulatory measures in Europe that could threaten the way it does business here.
In Germany, for instance, antitrust authorities are investigating whether Facebook abuses its dominance as a social network to harvest personal information. Officials there are also considering new laws that would require social media platforms to remove hate speech and fake news from their platforms within 24 hours.
The French watchdog's decision Tuesday is the latest display of swagger for Europe's national data-protection authorities, which have been empowered to take on Facebook and other big tech firms by a series of European court decisions and new EU-wide privacy rules to take effect next year.
France's investigations into Facebook were carried out alongside probes by regulators in four other member states, including Belgium, Hamburg, Spain and the Netherlands.
Belgium's privacy watchdog continues to pursue Facebook over alleged infringements of data-collection laws even after a Belgian court last June sided with the company's argument that the Belgian courts don't have the jurisdiction to rule on certain decisions involving the company, whose European headquarters are based in Ireland.
Hamburg's watchdog in September ordered Facebook to stop collecting user data from its messaging unit WhatsApp, while the Dutch and Spanish regulator are moving ahead with their investigations into Facebook.
Write to Natalia Drozdiak at firstname.lastname@example.org
(END) Dow Jones Newswires
May 16, 2017 09:02 ET (13:02 GMT)