€ 150 Million fine to Facebook by French Data Protection Authority

Last week, the French Data Protection Authority (DPA) has condemned Facebook Inc. and Facebook Ireland to the payment of a  € 150 million fine. The sanction is part of a joint investigation carried out by the data protection authorities of France, German Land of Hamburg, the Netherlands, Belgium and Spain on the practices of Facebook. The investigations by the French DPA have led to discover the existence of multiple breaches of the Data Protection Act. In particular, it was discovered that Facebook was perpetrating a  massive combination of the personal data of the Internet users for purposes of targeted advertising. It was also found that Facebook was systematically tracing Internet users (having or not an account) on third party sites via a cookie (“date” cookie). That tracing practise was being conducted without the users’ knowledge. Following a series of unsatisfactory replies to the French DPA by Facebook, the Authority, in a restricted panel, finally decided to impose the sanction for the following reasons:

  1. the users had no possibility to oppose to the massive combination of their data neither at the moment of the registration, nor after that one
  2. the information provided on the cookie banner was not precise enough to grant data safety. The cookies banner indeed, did not provide to users any information about the fact that their data were systematically collected whenever they were surfing on a website including a social network module.

The amount and the publicity of this sanction were justified by the number of breaches (6 in total), their seriousness and the large number of users.

€ 3 Million fine to WhatsApp Inc. by Italian Antitrust Regulator

WhatsApp was taken over by Facebook in 2014 and two years later, it introduced new terms of service and privacy policies that gave Facebook access to WhatsApp users’ data.

Since October 2016, the Italian Regulator was investigating on alleged breaches to the Consumer Code by WhatsApp Inc. Two investigations led to a fine of € 3 Million imposed to the company on the 11 May 2017 mainly for “inducing” users of the messaging service to share its data with Facebook, its parent company.

In the first investigation, the Italian Antitrust found out that WhatsApp users were led to believe that, failing the acceptance of the new Terms and conditions put in place in August 2016 (in particular when mentioning the sharing of data with Facebook), they would not be able to use the service anymore. Users that were already registered to the service before August 2016 could instead partially agree to the new Terms and Conditions by limiting the access to Facebook and preventing, in such a way, the sharing.

During the second investigation the Italian regulator criticised WhatsApp for introducing “unfair clauses” to its term of service such as: very broad and generic provisions on the limitation of liabilities, possibility for the company to interrupt the service without notice and without reason, company right to terminate the contract unilaterally or to introduce economic modifications without justification.

Huge fine to Facebook for providing misleading information when purchasing WhatsApp

On the other hand, the EU’s Antitrust has decided to impose a fine of € 110 million on Facebook for providing “misleading information” when purchasing WhatsApp in 2014. At that time Facebook ensured the EU Commission that it would not be possible to link Facebook accounts to WhatsApp’s, as instead it was done in 2016. “The fine”, says EU Commissioner for Competition Margrethe Vestager, “ is a clear signal to companies that must comply with EU rules, including the obligation to provide correct information”. The fine imposed on Facebook is “proportionate and deterrent,” warned the  Commissioner.

According to EU merger rules, Brussels may in fact impose a penalty equal to 1% of the annual turnover of a company if incorrect or misleading information were deliberately provided. According to the regulators,  Facebook has committed two offenses: it provided misleading information in 2014 and in the clarification response requested by Brussels at the end of 2016. The Facebook staff in fact was apparently aware from 2014 about the technical possibility of automatically linking Facebook profiles to those of WhatsApp, nevertheless, this possibility was always denied. By admitting to have committed the offence, Zuckerberg’s company was granted by the Commission a reduction of the fine to € 110 million from nearly € 250 million potential, equal to 1% of the 2016 revenues of the social media company.