The Spanish Data Protection Authority (AEPD) has condemned Facebook Inc. to the payment of a sanction of 1,200,000 Euros for the existence of two serious and one very serious infringements of Data Protection Law.
According to the Agency, Facebook treats personal data for advertising purposes without express consent of the data subjects and does not erase the data after the completion of the purpose. Furthermore, sensitive data like sexual orientation, believes and personal tastes are collected with the interaction of third party web pages without informing the users of the processing of their personal data nor on the purpose. This last infringement was classified by AEPD as very serious since the collection and use of sensitive data, which require special protection, was abused and performed in a way that did not grant adequate protection to the Facebook users.
The investigations were part of a joint effort of the Data Protection Authorities of: Belgium, France, Hamburg and the Netherlands. We remind that Facebook was already sanctioned by the French Data Protection Authority in May to a 150 Million Euros fine for multiple breaches of the Data Protection Law.