Facebook is following Europeans without telling them, and it might one day cost them a giant chunk of cash.
For now, the company is dealing with minor fines and not-so-nice press in both France and the Netherlands for allegedly violating user privacy.
The French Commission Nationale de l’Informatique et des Libertés fined Facebook around $167,000 for violating the French Data Protection Act, according to a May 16 statement.
For Facebook, that barely counts as petty cash, but these kind of fines may balloon to enormous sums when new European Union privacy regulations fall into place in 2018. Those regulations will allow government entities to fine companies such as Facebook and Google as much as four percent of their yearly revenue for privacy violations. For Facebook — which amassed a revenue of more than $27 billion last year — that could mean a fine of more than $1 billion.
Though the French commission cited several specific violations in its statement, the writers expressed consistent concern with Facebook using personal data for ad targeting without informing users.
The commission conducted multiple investigations of Facebook’s compliance with the data protection act in 2015, after Facebook had recently updated some of its privacy policies. Those investigations cited “several failures,” including the collection of “data on browsing activity of internet users on third-party websites,” and “massive compilation of personal data of internet users in order to display targeted advertising.”
Those concerns were echoed by the Dutch Data Protection Authority.
The authority released a similar statement on Tuesday, saying Facebook “violates Dutch data protection law” by “giving users insufficient information about the use of their personal data,” and left open the possibility of a fine if Facebook doesn’t comply.
“We take note of the CNIL’s decision with which we respectfully disagree,” a Facebook spokesperson said in an emailed statement. “We value the opportunities we’ve had to engage with the CNIL and reinforce how seriously we take the privacy of people who use Facebook.” The spokesperson also noted that “Facebook has long complied with EU data protection law through our establishment in Ireland.”
Privacy protections are generally more robust in European Union nations than in the United States, where Facebook was founded, and the company has clashed with European regulations.
Facebook also faces a potential lawsuit under consideration by the European Court of Justice, in which more than 25,000 users want to sue the company for violating their data privacy. The court will have to decide whether those individuals can be a part of the same lawsuit before they can consider the actual privacy implications. For now, it looms like the potential for gigantic fines — both factors that could reshape Facebook’s relationship with privacy, but which also might amount to little more than nuisances.