Facebook Inc. must stop tracking Belgian users’ surfing outside the social network and delete data it’s already gathered, or it will face fines of 250,000 ($312,000) euros a day, a Belgian court ruled.
The court ruled on Friday that Facebook had broken privacy laws by tracking people on third-party sites in the latest salvo in a long-running battle between the Belgian commission for the protection of privacy (CPP) and the social network.
Facebook “doesn’t sufficiently inform” clients about the data it gathers on their broader web use, nor does it explain what it does with the information or say how long it stores it, the Brussels Court of First Instance said in a statement.
Facebook uses cookies, social plug-ins — the “like” or “share” buttons — and pixels that are invisible to the naked eye to collect data on people’s behavior during their visits to other sites, the court statement says, citing an investigation by Belgium’s Privacy Commission that it said it backed fully.
Facebook in Europe
This is just one of many battles Facebook is fighting in Europe as the political winds have turned against the big US technology firms. The EU and European nations continually criticize Facebook for failing to do enough to tackle the rise of fake news and to deal with extremist content.
The company is “disappointed with today’s verdict” and intends to appeal, Facebook’s head of public policy for Europe, Richard Allan, said. “Over recent years we have worked hard to help people understand how we use cookies to keep Facebook secure and show them relevant content.”
Facebook must publish the 84-page ruling on its website and display extracts in Belgian newspapers within three months, a court spokeswoman said. It also rejected Facebook’s arguments that a Belgian court couldn’t rule on a business headquartered in the U.S. and which runs operations for the rest of the world from its Irish unit. The court said it was competent to rule on breaches of Belgian privacy law when the company tracks web users in Belgium.
This is all on the eve of the introduction of tough new European data privacy rules, called the General Data Protection Regulation, which come into force on May 25th.
Allan said: “We are preparing for the new General Data Protection Regulation with our lead regulator the Irish Data Protection Commissioner. We’ll comply with this new law, just as we’ve complied with existing data protection law in Europe.”