Brussels, 09/02/2016 (Agence Europe) - On Monday 8 February, the Commission nationale de l'informatique et des libertés française (CNIL), the French personal data protection regulator, announced that it had sent a warning to Facebook, in which it informed the company that it had three months to comply with French law. The regulator criticised the company for numerous shortcomings involving personal data protection. According to a press release from the organisation, the President of the CNIL warned the company to “fairly collect data from Internet users that do not have Facebook accounts”.
The French national regulator also called for Facebook members to be able to oppose their data being combined into a block for advertising purposes. Following the announcement by the US giant that it was amending its confidentiality policy, a group consisting of five protection authorities decided to carry out an investigation (France, Belgium, Netherlands, Spain and the Hamburg region) within the G 29 in March 2015. It is in this context that the CNIL carried out spot checks on documents and online, to verify whether the Facebook social network was not contravening the “information and freedoms” law, explained the CNIL. These checks helped reveal many areas of non-compliance with this law.
Facebook is therefore able to follow the Internet habits of those surfing the web, without them knowing, on non-Facebook sites, even if they do not have a Facebook account. “The site contains a cookie on the terminal of each user that visits a public Facebook page, without informing them of this fact (pages of a public event or a friend's page, for example). This cookie therefore allows the site to identify the websites visited by the Internet user when these contain a Facebook button (“like” or “connect”, for example)”.
The social network does not necessarily receive the express consent of Internet users during the collection and processing of data relating to their political or religious opinions or sexual orientation either. Similarly, no information is provided to Internet users about their rights and the use made of their data on the service registration form. The website places cookies for advertising on the computers of the Internet users, without having correctly informed them as a preliminary or having received their agreement, points out the CNIL.
In an effort to propose targeted advertising to its members, Facebook uses a combination of personal data it has on them (provided by the Internet users themselves, collected by the website and other companies in the group or sent by commercial partners), without providing Internet users with a mechanism that would allow them to reject the data being combined into a block for advertising purposes.
The CNIL also criticises Facebook for transferring the personal data of its members to the US on the basis of the Safe Harbor mechanism, which should no longer be possible since the decision made by the European Court of Justice on 6 October 2015. The US and EU have just agreed on a new provision called the “Privacy Shield” but the latter has not yet come into being. (Original version in French by Solenn Paulic)