CNIL fines Facebook for personal data violation, DPA considers issuing sanction

The Commission Nationale de I’Informatique et des Libertés (CNIL), France’s data protection watchdog, has fined Facebook €150,000 for violating the country’s data protection rules. CNIL published a statement saying Facebook has failed in informing its users about how their personal data is tracked and shared with advertisers. A common statement by the Contact Group of the Data Protection Authorities of the Netherlands, France, Spain, Hamburg, and Belgium has also been issued along with the investigation results from three member countries: France, Belgium, and the Netherlands. At the same time, the Dutch Data Protection Authority (DPA) Autoriteit Persoonsgegevens’s statement says that Facebook violates Dutch data protection law and does not provide sufficient information about the use of their personal data. DPA stated they did not fine Facebook, but if the violations continue ‘may decide to issue a sanction’. As a response, Facebook’s spokesperson said in an email statement to Reuters: ‘We take note of the CNIL’s decision with which we respectfully disagree’.