$11M USD fine for Facebook for non-compliance with privacy rules

Italy's regulatory agency declared the social network guilty of deceiving consumers about the use it makes of their data

Facebook has been fined by European authorities for the second time for breaches related to users’ privacy. This time, the authority that has decided to fine the company is the Italian Competition Authority (ICA), according to experts in digital forensics from the International Institute of Cyber Security. The authorities stated that Facebook violated the Italian Consumer Code, so two fines with a total value of about $11M USD will be imposed on the company.

The ICA states that the social network violated several articles of the Consumer Code because it gave consumers erroneous information about the use Facebook makes of their personal data. The ICA determined that Facebook does not explicitly inform people, at the time they register on the platform, how their personal information will be used for commercial purposes.

According to a statement from the ICA, “Facebook emphasizes the gratuitousness of the service, but omits to inform about the commercial use that is given to users’ data. The company’s privacy notices are ambiguous and no appropriate distinction is made between the use of personal information to complete a user profile and use for commercial purposes.”

The Italian authorities also discovered that Facebook intentionally sends its consumers’ data to websites and third-party apps for commercial purposes without the user’s express consent, which represents a violation of articles 24 and 25 of the Consumer Code. In addition, according to experts in cybersecurity and digital forensics, users who change these default configurations face restrictions on the use of Facebook’s platform.

“Authorities’ rulings on issues like this help to form precedents for corporate action in the future,” says Abhishek Iyer, an expert in digital forensics. “Over the next few years, regulatory authorities must specify truly functional policy frameworks to protect user information that companies like Facebook have access to,” adds the expert. Iyer also believes that users must have the right to revoke any permission to share information with third parties without facing reprisals or limitations on the use of any online service.

This is the second time that European authorities have fined Facebook; previously, the United Kingdom had fined the social network $645k USD because of the Cambridge Analytica scandal, in which data of over 80 million users was leaked to third parties.

Although these are considerable figures, the fines represent only a slight annoyance to Facebook and its $5 billion USD net earnings per quarter. However, experts in digital forensics commented that this could change with the entry into force of the General Data Protection Regulation (GDPR), which establishes that companies that do not comply face fines equivalent to 4% of their annual income. Under this legislation, companies with Facebook’s earnings level would face fines of up to $1.6 billion USD in the event of a violation of the GDPR.