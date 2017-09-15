Facebook stung by Spanish regulator

SOCIAL network Facebook has been fined 1.2m euros by the Spanish Data Protection Agency (AEPD) for breaking laws concerning the use of its users’ personal data.

The agency said the global social network had been compiling, storing and helping itself to user information for advertising purposes, without prior authorisation.

Facebook, which says it “respectfully disagrees” with the agency’s decision, plans to appeal against the penalty.

An official statement said: “As we informed the AEPD, it is the users who decide what information they want to add to their profile and share with others, such as their religion.”

It added that it did not use that information to show specific advertisements to its users.

According to the agency ruling, Facebook has obtained information about the ideology, sex, religious beliefs, personal tastes and navigation of its users, without securing “unequivocal consent” initially.

The AEPD believes the tech giant has committed two “serious” infractions and one “very serious” infraction of Spain’s data protection law, costing Facebook two fines of 300,000 euros for the former, and one of 600,000 euros for the latter.

The probe found that the US firm, which has more than two billion users throughout the world, does not, “exhaustively nor clearly”, give information about the data that will be collected, and how it is used, simply giving several examples instead.

According to the agency’s findings, the social network collects other data deriving from the interaction between users of the site and third-party websites, without them being able to see, easily, the information Facebook gathers about them; nor how it will be used.

The agency also found that Facebook’s privacy policy contains “generic and unclear expressions”, forcing users to access a number of different links to get to it.

It also says the social network makes imprecise references to how data collected will be delivered, in such a way that the user is not conscious of the data collection carried out by company; nor of its storage.

The AEPD also confirmed that users are not informed that their information will be collected, via the use of cookies, when they visit pages not on the Facebook site, but which contain the social network’s “Like” button.

The regulator also argues that the personal data of users are not completely deleted when they are no longer useful. And even when the user requests a deletion explicitly, it doesn’t happen immediately.

The giant US company’s statement added: “Facebook meets European Union data protection law from our centre in Ireland.

“We are open to continue discussing these issues with the AEPD while we work with the Irish Data Protection Agency, and we prepare for the new 2018 European Union regulations.”