France gives Facebook data privacy ultimatum

9 Feb, 2016

Social network has three months to rectify alleged legal breaches

Facebook is facing legal action in France after the country's data protection regulator found the company has fallen short of many data protection requirements stipulated under French law.

The French National Commission of Technology and Liberties (CNIL), which is in charge of the protection of the protection of personal data, has published “a long indictment against the manner in which Facebook collects and uses to data of its 30 million French users”, according to French newspaper Le Monde.

The alleged breaches include not getting the appropriate consent from members to use their personal information to serve targeted ads, accepting and retaining users’ medical data – which was found to be “too sensitive” - and not explicitly saying what it does with information on users’ sexuality.

Facebook has also been criticised for not informing French users clearly enough that all their data is sent to the United States, which the commission claims is based on the now-defunct Safe Harbour agreement.

It has also criticised the social network for not ensuring members use strong passwords, which may also constitute a breach of French law, as well as not giving sufficient information for cookie consent and storing the IP addresses of users for an excessive amount of time.

Facebook now has three months to rectify these shortcomings or apply for an extension to that deadline. Should the company fail to do either of these things it will face sanctions, Le Monde reports.

For its part, Facebook told the newspaper: “The protection of privacy is a priority for Facebook. We are confident that our service conforms to European law with regard to the protection of data. We have, of course, put ourselves in contact with the CNIL to discuss the issues raised.”