Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Facebook Privacy Businesses Communications Social Networks The Almighty Buck The Courts The Internet

Spain Fines Facebook Over Tracking Users Without Consent (tomshardware.com) 41

Spain's Data Protection Authority has issued a 1.2 million euro fine against Facebook after it found three instances when the company collected data without informing users, as required by European Union privacy laws. Tom's Hardware reports: The AEPD found multiple issues with how Facebook gathered data on Spanish users. One of the issues was that Facebook collects data on ideology, sex, and religious beliefs, as well as personal tastes and web surfing habits without informing the users about how that data will be used. A second issue was that Facebook wasn't obtaining specific and informed consent from the users because the data it was offering them about the collection was not sufficiently clear. The company has been tracking both users and non-users of the service through the Like button across the web without informing them about this sort of tracking, nor about what it plans to do with the data. The company has said that the collection is done for advertising purposes before, but some purposes remain secret, according to the Spanish Data Protection Authority. The AEPD said this sort of collection doesn't comply with the EU's data protection regulations.

Finally, the AEPD also noticed that Facebook has not been completely purging the data about users who had already deleted their accounts and that Facebook was making use of accounts' data that have been deleted for more than 17 months. Considering the data that has remained behind is no longer useful for the purpose for which it was collected, the agency considered this another serious infringement of EU privacy laws.

This discussion has been archived. No new comments can be posted.

Spain Fines Facebook Over Tracking Users Without Consent

Comments Filter:
  • 1.2 Million Euros? (Score:5, Insightful)

    by Zaelath ( 2588189 ) on Thursday September 14, 2017 @07:52PM (#55199879)

    That's like fining an individual about $5 for thousands of violations.

    Why didn't they just send them a sternly worded letter?

    • by Anonymous Coward

      The fine can go up if they keep being out of line. I was not able to find a min/max or a per violation scale. It would be interesting to see if they could leverage this rule against Equifax.

    • Because Facebook would probably rather pay than fight a sum like that. And who said that we can't repeat that whenever we like it?

    • by hcs_$reboot ( 1536101 ) on Thursday September 14, 2017 @09:48PM (#55200281)
      That's a lot for Spain!
    • When Facebook first came out, I read the TOS and it basically said "we can do whatever we want to do your data". So it a perverse way I have to agree with you: why does this fine exist at all?

      • by Zaelath ( 2588189 ) on Friday September 15, 2017 @01:50AM (#55200921)

        Yeah, what the AC said, you can't negotiate away legal rights.

        Just because I put "we have first right of refusal to any of your off-spring" in the EULA doesn't mean I can come and take your kids.

        • I should have said "can't necessarily", some you can like the right to sue in the US, apparently... but not things which are illegal.

      • Two reasons. The first is that click-through terms of service may or may not be binding depending on what a court decides. If the court decides that a reasonable human would not understand particular terms, they can strike down individual clauses or the entire thing. Second, because the Facebook tracks people who have not agreed to the terms of service and therefore have no business relationship with the company.
    • Comment removed based on user account deletion
    • by AmiMoJo ( 196126 )

      I prefer to look at how this changed Facebook's behaviour, and the behaviour of other companies. If they ignored the fine and carried on violating people's privacy, I'd regard it as a failure. If they stopped violating non-user's privacy, I'd say it worked. If it stops other companies doing the same thing, I'd be very happy.

      Having said that, in this case it's likely to get escalated to the EU level anyway.

    • Because the LAW specifies the maximum fine to be â600k per class of offence (i.e. regardless of the number of violations -- this is not anglosaxon law) So, this would amount to 3 x â400k ---- the range being â300k-â600k for the most serious offences

      Admittedly, the fine amounts haven't been modified (i.e. increased) since the law was passed ~15yr ago.... but no sane spanish company would get itself in a position where it could be fined to this leves by AEPD (potentially getting ousted fr

  • by Anonymous Coward on Thursday September 14, 2017 @07:54PM (#55199887)

    Facebook did not expect the Spanish Inquisition.

    • Nobody expects the Spanish Inquisition! Our chief weapon is fines...fines and lawsuits...lawsuits and fines.... our two weapons are lawsuits and fines...and ruthless bureaucracy.... Our three weapons are lawsuits, fines, and ruthless bureaucracy...and an almost fanatical devotion to the Euro.... Our four...no... amongst our weapons.... amongst our weaponry...are such elements as lawsuits, fines....

      I'll come in again.

  • by DontBeAMoran ( 4843879 ) on Thursday September 14, 2017 @07:54PM (#55199891)

    Facebook becomes self-aware at 02:14 am Eastern Time after its activation on september 14, 2017 and launches user-tracking ads at Spanish users to incite a counterattack against the humans who, in a panic, tried to disconnect it.

  • by Anonymous Coward

    ...all the private messages that we "deleted" years before suddenly reappeared. We don't have STUPID written on our foreheads. Avoid these sites at all costs because they take and take while giving you nothing but a paper trail.

  • by Anonymous Coward

    We need laws and regulations like that here. Business cannot be trusted with this data.

  • by ChromeAeonium ( 1026952 ) on Thursday September 14, 2017 @08:33PM (#55200037)

    It's good that they're fining Facebook for tracking users without telling them, albeit with a slap on the wrist, but it would be nice if the laws also had fines for tracking non-users without telling them.

    • by gnick ( 1211984 ) on Thursday September 14, 2017 @09:06PM (#55200149) Homepage

      You're an FB user just like you're an EquiFax customer. You just didn't know you were using FB because you never volunteered.

    • by Anonymous Coward

      The EU Data Protection Regulation comes into effect in May 2018. A small fine from Spain sets a precedent. A previous conviction for the same crime when more significant fines are levied will be harder to fight in court. The conviction will also set a precedent for all 28 member countries.

      I guess the EU is doing something to protect its own commerce and citizens from exploitation by non-EU companies and organizations. Sounds reasonable to me.

  • by Anonymous Coward

    They have a point with tracking non-users with the Facebook API (like buttons, etc.)
    But good luck suing them for that. EVERY advertiser does that. Every WEBSITE does that in general, without informing users. (unless the webmaster disabled it purposefully, usually on privacy-orientated sites)

    As for the other half, not informing users of tracking while on the site: lol [facebook.com].

  • Google too? (Score:3, Informative)

    by Anonymous Coward on Thursday September 14, 2017 @08:43PM (#55200075)

    the company has been tracking both users and non-users of the service through the Like button across the web without informing them about this sort of tracking,

    Very similar, Google tracking shit ("google-analytics" and far more) is embedded all over the web now. It tracks people who have no Google accounts and do not use Google products or services.

  • "One of the issues was that Facebook collects data on ideology, sex, and religious beliefs..." ...and Jew-hating as we learned.

  • by franzrogar ( 3986783 ) on Friday September 15, 2017 @02:53AM (#55201041)

    I'm Spaniard, and I live in Spain.

    I've set-up my Google account to not track *anything* from me at all. Not keep a record of anything I search (Google Search), I see (Google YouTube) or hear (Google Music).

    I use Chrome, I've configured:
    - AdBlock Plus with many filters and kept up-to-date
    - Don't track me Google!, installed
    - Do not track
    - Privacy Budget

    I've a Facebook account which I think I've used only three or four times since creation about 6 years ago; and normally I do never login on it unless extrictly needed (last time was about 6 months ago) and I log-out right after.

    I do have an Instagram account, now owned by Facebook, and keep it running always in background mode in my Android; where I do also have an ad-block installed (rooted).

    Well, I looked for colagen pils for my mother in Google Search a month ago and what was my surprise that the same day on the evening the very same pils brand I bought appeared as an ad in Instagram (where I only look for calligraphy, medieval illumination and bookbinding).

    Facebook? Banned for shiting in privacy.

  • While I understand it is unfashionable here to know what you're talking about before posting comments --- God forbid reading the fine article .....

    • The law specifies up to â600k for the most serious offences, the range being â300-â600k
    • The law was passed about 15 years ago, even before USers realized that instead of the freest were among the most oppressed/subject to surveillance in the world
    • The law was intended to STING, not KILL (actually, to be a strong deterrent) for spanish SMEs. To that

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...