France attacks Facebook data tracking, opening new front in privacy battles
| PARIS
In yet another fissure between the US and Europe over digital privacy practices, French regulators听ordered Facebook to curtail its online data collection practices.
The country's听data protection authority, known by its French acronym CNIL, ruled this week to give Facebook three months to stop听transferring data on French users to the states and to refrain from collecting information about nonusers, or else face hefty fines.
French regulators claim that the social media behemoth violates the country's data privacy laws because it tracks information听on Internet users' sexual orientation, religious, and political views "without the explicit consent of account holders" and fails to inform users that it uses "cookies" 鈥 information about stores on users' browsers 鈥 to track activity on third-party pages.
The ruling is the latest blow to Facebook in Europe and comes amid a major overhaul of privacy regulations in the European Union that will affect how thousands of US companies handle Europeans' personal information.
Even though American and EU regulators agreed earlier this month on a new, more robust data privacy regime to satisfy Europeans' privacy concerns, that deal known as Privacy Shield will take months to put into place.听
In the meantime,听companies such as Facebook face more uncertainty and roadblocks听in their dealings with European data protection regulations. Until Privacy Shield is implemented,听US tech firms must abide by the privacy policies of individual countries.听
The French ruling against Facebook "can easily happen to another American company," said听Christopher Talib, campaign manager of Paris-based internet freedom watchdog La Quadrature du Net.听听
"The minute they stop following the rules in France and the rights of our citizens, there is a problem," he said. "Internet users see that Like button everywhere but they never think that by clicking it, their privacy will be compromised."
The French data regulator's decision isn't the first time European countries have complained about the company's practices. Last fall,听a Belgian court ruled that the company put a stop to tracking nonusers' browsing activity or face fines. In December, the company ultimately agreed to stop using Internet cookies that track nonusers' activity.听
In fact, Facebook's data collection practices in Europe were at the center of last year's court battle over the so-called Safe Harbor agreement, the transatlantic deal that outlined how American companies would safeguard European data.
The European Court of Justice eventually invalidated that deal after听Austrian privacy activist Max Schrems argued that Facebook violated its terms. Essentially, he argued that Facebook couldn't keep data it moved to US听servers听safe from National Security Agency spying. The new Privacy Shield agreement is meant to put greater protections on Europeans' data.
Until Privacy Shield is put into action, it'll be a challenging period for US companies, since each country operates under its own legal framework,听said听Thomas Lanson, a security researcher at the Paris-based French Institute for International and Strategic Affairs.听
"The [US companies] needs to find a way to deal with that without altering its services," said Mr. Lanson.
French data regulators said it simply wants Facebook to give both users and nonusers notification about how the company is tracking听them听online 鈥 and what information听it collects.听"Companies should at a minimum inform users over transparency concerns," said CNIL.听
"European Internet users have rights that must be respected," the agency said. "It鈥檚 a question of confidence between the user and the internet service provider."听
In addition to France, data protection authorities in the听Netherlands, Spain, and Germany听are investigating听Facebook鈥檚 compliance with local and European privacy legislation.
Facebook听did not respond to a request for comment.
, Facebook Chief Operating Officer Sheryl Sandberg said that "poorly designed regulation" would hamper innovation and stifle businesses. She encouraged regulators not to stand in the way of "progress" with burdensome privacy policies.
There are others who say that European regulators are also wielding privacy policies as a way of keeping data inside the EU, which could be a boon to the fledgling European digital economy.
"This digital revolution has created so many jobs in the US, but it's no secret that France is lagging behind in this domain," says Lanson of the听Institute for International and Strategic Affairs.
American tech firms' revenues from European users goes听to US companies instead of remaining in the country, at a time when the French 鈥 and European 鈥 economy is struggling.听
"This process destroys access for French companies to create advertising jobs and revenue and instead gives it to the US," he says. "Data protection is incredibly important for EU member countries for this reason."
听
