French data protection regulator CNIL, has flagged Facebook with a formal notice to comply with European data privacy laws within the next three months, or face possible sanctions. Facebook is said to now be reviewing the CNIL's demands. The CNIL has argued that the social network is violating multiple data protection laws, including the collection of non-member browsing activities. It also added that the platform is gathering data regarding the sexual orientation, religious and political preferences 'without the explicit consent of account holders.' It noted too that Facebook does not notify users at sign-up of their rights concerning their personal data. The CNIL further accused Facebook of setting advertising cookies 'without properly informing and obtaining the consent of internet users.'
(Score: 1, Funny) by Anonymous Coward on Wednesday February 10 2016, @10:12PM
Facebook withheld their response to this request until they've implemented their "Don't Like" button.
(Score: 2) by Rosco P. Coltrane on Thursday February 11 2016, @01:55AM
Facebook will just keep right on doing all of these things, but lie convincingly to that French agency about it next time they come audit them.
Facebook is way too big and popular for any law to touch them, and they know it full well. There's no way in hell France can shut them down if they wanted to.
(Score: 2) by frojack on Thursday February 11 2016, @02:11AM
When you look closely at the complaint:
FACEBOOK collects, without prior information, data concerning the browsing activity of Internet users who do not have a FACEBOOK account. Indeed, the company does not inform Internet users that it sets a cookie on their terminal when they visit a FACEBOOK public page (e.g. page of a public event or of a friend). This cookie transmits to FACEBOOK information relating to third-party websites offering FACEBOOK plug-ins (e.g. Like button) that are visited by Internet users.
Its a little confusing what exactly is going on here, but if you visit a facebook page you sort of intrinsically know THAT visit is going to be logged. In fact I suspect French law DEMANDS that it be logged.
But it seems that they are saying that visiting some random Blog that happens to have a like button on it will trigger the return of a cookie data by merely having that button on the page, whether or not you click that button.
(I wouldn't know, I use UBlock Origin with the social nuisance filter turned on, I haven't seen a like button in months).
No, you are mistaken. I've always had this sig.
(Score: 4, Interesting) by raattgift on Thursday February 11 2016, @02:17AM
The regulators' goal in most European Union member-states is to make non-compliance unprofitable.
They don't need to threaten "nuclear" responses like a shutdown or ban or the available-under-EU-law 25% of global revenue fine.
They simply have to cause the regulated entity (Facebook, in this case) to absorb the cost of an external forensic audit to determine the increase in gross margins from the non-compliant behaviour (cost here includes cost of any litigation in resisting the audit, plus indemnity against foot-dragging by the regulated entity), plus a fine proportional to that marginal increase, where the proportional target is 1:1 unless there is extremely bad behaviour on the part of the regulated entity.
So, basically, Facebook would be on the hook for the extra profit of not complying, plus -- and this is likely to be a much bigger number -- the cost of digging into Facebook's accounts around the world.
Most global companies that do business in such jurisdictions comply willingly, because the cost of compliance is *less* than the cost of resisting.
A key point here is that there have been about thirty years of coordinated regulatory law in the acquis communitaire, and all the national regulators talk directly with one another, as well as to the European Commission. It is virtually certain at this point that CNIL has the support in principle of its peers and its national government, in the sense that they all agree that the direction of regulation they are taking is reasonable. The front-line regulator (CNIL, in this case) is not acting in a vacuum, and Facebook will certainly know already that losing a hard-fought battle with a front-line regulator is not only expensive in and of itself, but that it balloons rapidly to the whole EU, and to various other OECD states.
"Lying convincingly" runs the risk of being discovered in some future audit; that runs the risk of a criminal prosecution (there is no statute of limitations) of the individuals responsible for the lie, as well as corporate fines that would likely trigger civil actions against the individuals. A typical outcome of criminal prosecution of that nature is a long, and sometimes lifetime, ban on holding various positions in registered companies; lifetime bans on practising law or holding directorships in publicly traded companies are doled out like candy in some member-states.
Finally, the usual approach of capturing regulators by offering former regulators jobs ("advisory positions in the regulatory affairs department") tends to fail thanks to subsidiarity. Doing this for on the order of thirty regulators has so far proven impossible, and it's a strength of European federalism compared to other federal systems with different divisions-of-powers (e.g., the FCC, FDA, USDA, and FAA are all highly captured regulators, with a revolving door between the top level appointees and next-level career management and the handful of large players in the regulated sectors.)
(Score: 0) by Anonymous Coward on Thursday February 11 2016, @09:15AM
This is easily the most well thought out, written, and worded post I've ever seen on Slashdot or Soylent...
Congrats