Facebook fined €1.2 million for breaching Spanish privacy laws
Facebook has been fined €1.2 million by Spain’s data regulator after breaking the country’s privacy laws, serving as a stark warning to brands ahead of GDPR next year.
Spain’s data protection watchdog (AEPD) uncovered three instances where Facebook collected personal data from its Spanish users without informing them how it was going to be used.
Specifically, the AEPD criticised Facebook’s collection and usage of data pertaining to people’s “ideology, sex, religious beliefs, personal tastes or navigation” and its inability to obtain “unequivocal, specific and informed” consent from users.
The breach of consent has resulted in a €600,000 fine, while the other two infringements could cost the social media giant a further €300,000 each.
With the EU’s General Data Protection Regulation (GDPR) due to come into effect on 25 May 2018, this is a stern reminder that companies need to have their houses in order before the deadline, with no brand above the law. If an organisation breaches the GDPR, fines could reach €20 million or up to 4% of a company’s global annual turnover, whichever is highest.
Facebook likely to appeal against fine
The social media network is likely to appeal against this decision, and in a statement published by Fortune.com, Facebook said the Spanish data authority was “wrong to say it showed people advertising based on sensitive personal data...” and that “ad-targeting was instead based on the interest people express by ‘liking’ certain content on the social network”.
In May, Facebook was hit with a €150,000 fine for a similar data breach in France, but successfully overturned a separate decision in 2016 that attempted to block the social platform from collecting data and tracking the internet activity of logged-out users in Belgium.
A report from earlier this year found a staggering 31% of marketing and advertising thought GDPR will have no impact on their business.
Separate research from the DMA in May revealed 24% of organisations are yet to start planning for the new data law.
This free comprehensive guide explains what the General Data Protection Regulation (GDPR) is, how this incoming data protection law will affect your organisation, and the practical steps to take to prepare for it.