Facebook fined €1.2 million in Spain

Facebook Inc logo

On Monday, the Spanish data protection authority (AEPD) said Facebook had been breaking privacy rules on multiple counts over the way it uses people's personal data for advertising purposes.

The fine was handed down by the Spanish Data Protection Agency (AEPD) after the regulator conducted an investigation into how Facebook collects, stores and uses the data of its users for advertising purposes.

A second issue was that Facebook wasn't obtaining specific and informed consent from the users because the data it was offering them about the collection was not sufficiently clear. "The agency considers that Facebook does not adequately collect the consent of either its users or nonusers, which constitutes a serious infringement".

That Facebook is causing ripples when it comes to privacy will come as little surprise to anyone. This "very serious" violation resulted in a €600,000 fine.

The Spanish watchdog's €1.2 million fine comes as data watchdogs across Europe are investigating Facebook.

Spain's data regulator also claims that Facebook does not delete harvested data once the tech company is done using it, and believes Facebook doesn't delete data from web browsing habits, but "retains and reuses it later associated with the same user". That data was collected directly in some cases and through third-party services also used by the user in others.

We take note of the DPA's decision with which we respectfully disagree.

"Users choose which information they want to add to their profile and share with others, such as their religion".

Under EU law, "personal data" means "any information relating to an identified or identifiable natural person", so people's "likes" would qualify as personal data.

In May, France's data protection watchdog fined Facebook $170,000 (€150.000) for failing to prevent its users' data being accessed by advertisers following a 24-month long investigation.

Related News: