Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spain Fines Facebook Over Tracking Users Without Consent (tomshardware.com)

Posted by BeauHD on from the respect-my-authority dept.

Spain's Data Protection Authority has issued a 1.2 million euro fine against Facebook after it found three instances when the company collected data without informing users, as required by European Union privacy laws. Tom's Hardware reports: The AEPD found multiple issues with how Facebook gathered data on Spanish users. One of the issues was that Facebook collects data on ideology, sex, and religious beliefs, as well as personal tastes and web surfing habits without informing the users about how that data will be used. A second issue was that Facebook wasn't obtaining specific and informed consent from the users because the data it was offering them about the collection was not sufficiently clear. The company has been tracking both users and non-users of the service through the Like button across the web without informing them about this sort of tracking, nor about what it plans to do with the data. The company has said that the collection is done for advertising purposes before, but some purposes remain secret, according to the Spanish Data Protection Authority. The AEPD said this sort of collection doesn't comply with the EU's data protection regulations.

Finally, the AEPD also noticed that Facebook has not been completely purging the data about users who had already deleted their accounts and that Facebook was making use of accounts' data that have been deleted for more than 17 months. Considering the data that has remained behind is no longer useful for the purpose for which it was collected, the agency considered this another serious infringement of EU privacy laws.

41 comments

  1. 1.2 Million Euros? by Zaelath · · Score: 5, Insightful

    That's like fining an individual about $5 for thousands of violations.

    Why didn't they just send them a sternly worded letter?

    1. Re:1.2 Million Euros? by Anonymous Coward · · Score: 1

      The fine can go up if they keep being out of line. I was not able to find a min/max or a per violation scale. It would be interesting to see if they could leverage this rule against Equifax.

    2. Re:1.2 Million Euros? by Opportunist · · Score: 1

      Because Facebook would probably rather pay than fight a sum like that. And who said that we can't repeat that whenever we like it?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re: 1.2 Million Euros? by dougdonovan · · Score: 1

      bad facebook.

    4. Re:1.2 Million Euros? by hcs_$reboot · · Score: 3, Funny

      That's a lot for Spain!

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    5. Re:1.2 Million Euros? by Anonymous Coward · · Score: 0

      Does it matter how much? The current internet sucks. More and more, each day.

      How did it get it like this?

    6. Re:1.2 Million Euros? by Zaelath · · Score: 1

      Sure it matters how much, if you want a corporation to stop a behaviour it has to cost them more than it profits them; 1.2MM is unlikely to accomplish that.

    7. Re:1.2 Million Euros? by Anonymous Coward · · Score: 0

      You're right, they should forget the fines and start imprisoning company executives.

    8. Re:1.2 Million Euros? by thePsychologist · · Score: 1

      When Facebook first came out, I read the TOS and it basically said "we can do whatever we want to do your data". So it a perverse way I have to agree with you: why does this fine exist at all?

      --
      "What lies behind us, and what lies before us are tiny matters compared to what lies within us." Ralph Waldo Emerson
    9. Re:1.2 Million Euros? by Anonymous Coward · · Score: 0
      why does this fine exist at all?

      1) If you are not a user, you did not agree. 2) The law does not allow you to sign away all your rights in most countries

      Personally, I think Facebook should be fines EUR1.2M for each offence where the data is on people who are not users, with three strikes and you are out jail of executives where there are repeat offences. Hopefully Suck-a-berg would be down for 1.2 million years.

    10. Re:1.2 Million Euros? by Zaelath · · Score: 3

      Yeah, what the AC said, you can't negotiate away legal rights.

      Just because I put "we have first right of refusal to any of your off-spring" in the EULA doesn't mean I can come and take your kids.

    11. Re:1.2 Million Euros? by Zaelath · · Score: 1

      I should have said "can't necessarily", some you can like the right to sue in the US, apparently... but not things which are illegal.

    12. Re:1.2 Million Euros? by Z00L00K · · Score: 1

      Doesn't matter, they should have made the fine 1.2 billion euros.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    13. Re:1.2 Million Euros? by TheRaven64 · · Score: 1

      Two reasons. The first is that click-through terms of service may or may not be binding depending on what a court decides. If the court decides that a reasonable human would not understand particular terms, they can strike down individual clauses or the entire thing. Second, because the Facebook tracks people who have not agreed to the terms of service and therefore have no business relationship with the company.

      --
      I am TheRaven on Soylent News
    14. Re:1.2 Million Euros? by houghi · · Score: 2

      Because that is how fines work. You start low and they get higher, if they won't follow the law, The next one will be a lot stricter with perhaps stipulations that they should stop doing business till all criteria are met.

      --
      Don't fight for your country, if your country does not fight for you.
    15. Re:1.2 Million Euros? by AmiMoJo · · Score: 1

      I prefer to look at how this changed Facebook's behaviour, and the behaviour of other companies. If they ignored the fine and carried on violating people's privacy, I'd regard it as a failure. If they stopped violating non-user's privacy, I'd say it worked. If it stops other companies doing the same thing, I'd be very happy.

      Having said that, in this case it's likely to get escalated to the EU level anyway.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    16. Re:1.2 Million Euros? by CyberKrb · · Score: 1

      Because the LAW specifies the maximum fine to be â600k per class of offence (i.e. regardless of the number of violations -- this is not anglosaxon law) So, this would amount to 3 x â400k ---- the range being â300k-â600k for the most serious offences

      Admittedly, the fine amounts haven't been modified (i.e. increased) since the law was passed ~15yr ago.... but no sane spanish company would get itself in a position where it could be fined to this leves by AEPD (potentially getting ousted from any and all contracts with our Government as a result!)

    17. Re:1.2 Million Euros? by Anonymous Coward · · Score: 0

      Anything can be made illegal ... that's the law bitch.

  2. I guess you could say... by Anonymous Coward · · Score: 5, Funny

    Facebook did not expect the Spanish Inquisition.

    1. Re:I guess you could say... by DontBeAMoran · · Score: 2

      Nobody expects the Spanish Inquisition! Our chief weapon is fines...fines and lawsuits...lawsuits and fines.... our two weapons are lawsuits and fines...and ruthless bureaucracy.... Our three weapons are lawsuits, fines, and ruthless bureaucracy...and an almost fanatical devotion to the Euro.... Our four...no... amongst our weapons.... amongst our weaponry...are such elements as lawsuits, fines....

      I'll come in again.

      --
      #DeleteFacebook
  3. Déjà vu by DontBeAMoran · · Score: 2

    Facebook becomes self-aware at 02:14 am Eastern Time after its activation on september 14, 2017 and launches user-tracking ads at Spanish users to incite a counterattack against the humans who, in a panic, tried to disconnect it.

    --
    #DeleteFacebook
  4. Right after Microsoft took over LinkedIn.... by Anonymous Coward · · Score: 2, Insightful

    ...all the private messages that we "deleted" years before suddenly reappeared. We don't have STUPID written on our foreheads. Avoid these sites at all costs because they take and take while giving you nothing but a paper trail.

  5. Here in the USA by Anonymous Coward · · Score: 1

    We need laws and regulations like that here. Business cannot be trusted with this data.

  6. The EU needs a new law by ChromeAeonium · · Score: 2

    It's good that they're fining Facebook for tracking users without telling them, albeit with a slap on the wrist, but it would be nice if the laws also had fines for tracking non-users without telling them.

    1. Re:The EU needs a new law by gnick · · Score: 3, Interesting

      You're an FB user just like you're an EquiFax customer. You just didn't know you were using FB because you never volunteered.

      --
      He's getting rather old, but he's a good mouse.
    2. Re: The EU needs a new law by Anonymous Coward · · Score: 3, Informative

      The EU Data Protection Regulation comes into effect in May 2018. A small fine from Spain sets a precedent. A previous conviction for the same crime when more significant fines are levied will be harder to fight in court. The conviction will also set a precedent for all 28 member countries.

      I guess the EU is doing something to protect its own commerce and citizens from exploitation by non-EU companies and organizations. Sounds reasonable to me.

    3. Re:The EU needs a new law by Anonymous Coward · · Score: 0

      Everyone's a user. Some are logged in, some aren't.

  7. Some points, some not. by Anonymous Coward · · Score: 1

    They have a point with tracking non-users with the Facebook API (like buttons, etc.)
    But good luck suing them for that. EVERY advertiser does that. Every WEBSITE does that in general, without informing users. (unless the webmaster disabled it purposefully, usually on privacy-orientated sites)

    As for the other half, not informing users of tracking while on the site: lol.

  8. Google too? by Anonymous Coward · · Score: 3, Informative

    the company has been tracking both users and non-users of the service through the Like button across the web without informing them about this sort of tracking,

    Very similar, Google tracking shit ("google-analytics" and far more) is embedded all over the web now. It tracks people who have no Google accounts and do not use Google products or services.

    1. Re:Google too? by dave420 · · Score: 1

      If they don't track individual users, that's entirely different.

  9. only *three* instances? by Anonymous Coward · · Score: 0

    surely they could have found one or two (million) others.. just in spain?

  10. Don't forget by nospam007 · · Score: 1

    "One of the issues was that Facebook collects data on ideology, sex, and religious beliefs..." ...and Jew-hating as we learned.

  11. Facebook should have been banned in Spain by franzrogar · · Score: 3, Interesting

    I'm Spaniard, and I live in Spain.

    I've set-up my Google account to not track *anything* from me at all. Not keep a record of anything I search (Google Search), I see (Google YouTube) or hear (Google Music).

    I use Chrome, I've configured:
    - AdBlock Plus with many filters and kept up-to-date
    - Don't track me Google!, installed
    - Do not track
    - Privacy Budget

    I've a Facebook account which I think I've used only three or four times since creation about 6 years ago; and normally I do never login on it unless extrictly needed (last time was about 6 months ago) and I log-out right after.

    I do have an Instagram account, now owned by Facebook, and keep it running always in background mode in my Android; where I do also have an ad-block installed (rooted).

    Well, I looked for colagen pils for my mother in Google Search a month ago and what was my surprise that the same day on the evening the very same pils brand I bought appeared as an ad in Instagram (where I only look for calligraphy, medieval illumination and bookbinding).

    Facebook? Banned for shiting in privacy.

    1. Re:Facebook should have been banned in Spain by Anonymous Coward · · Score: 0

      Doesn't really matter if you log out when the cookies are still there. And it doesn't really matter if you delete the cookies either: https://panopticlick.eff.org/

  12. Replace the M) with B)... by Anonymous Coward · · Score: 0

    They should be fining Facebook BILLIONS not millions.

    1. Re:Replace the M) with B)... by Anonymous Coward · · Score: 0

      The current millions are just the warning. The billions will come - if they keep up their shenigans. When Spain succeeds, expect more European countries to follow.

  13. Informed comment by CyberKrb · · Score: 1

    While I understand it is unfashionable here to know what you're talking about before posting comments --- God forbid reading the fine article .....

    • The law specifies up to â600k for the most serious offences, the range being â300-â600k
    • The law was passed about 15 years ago, even before USers realized that instead of the freest were among the most oppressed/subject to surveillance in the world
    • The law was intended to STING, not KILL (actually, to be a strong deterrent) for spanish SMEs. To that extent, it has had wonderful performance --- I can only recall a handful of serious fines since it was passed by the Parliament. The fines haven't had to be increased since then, for everybody mostly "behaved"
    • This is Europe, where the newest GDPR is being implemented. Do you even have something comparable? Of those, Spain was the earliest (and most careful) in protecting its citizen's rights to Privacy.
      Most commenters can't even dream of this level of protection.
    • Again: this is Europe, not some poor South-American of African country. Our 2016' GNP was ~$1.25 TRILLION, or a bit less than half UK's, so not bad at all!. This means the "this is Spain" comment it totally out of place.
  14. The US needs to grow a spine about privacy by Anonymous Coward · · Score: 0

    and start helping the citizens and users of various systems from personal data rape. Windows 10 is scary spy-ware, Google pulls tricks even down to the level of forcing users to turn on location services just for bluetooth to work with no explanation at all. Combine this with impressive user data-theft, we need to have better privacy laws here.

  15. FLASH: Spain tells FB not to do that again... by Anonymous Coward · · Score: 0

    or they will tell them not to do it again, again.

  16. shock therapy Re: 1.2 Million Euros? by Anonymous Coward · · Score: 0

    every time the same.
    fine is inconvenient cost of doing business.

    it will stop, if they start doing real punishments.

    shove a cattle prod up Fuckerberg's ass and electrocute that cocksucker to death?

    and maybe somebody learns a lesson for the next time.

    bring back lynch mobs and public fucking hangings in the town square, and this kind of bullshit ends quick.

    I'll believe corporations are People, as soon as the State of Texas gets some balls and executes a few.