Facebook faces data transfer restrictions from France, as the country’s data protection authority is giving the social media company three months to make the changes. The French are demanding to put an end to the transfer of personal data of Facebook users to the United States.
The CNIL (Commission Nationale de l’Informatique et des Libertés) has released the order last Monday. The order makes reference to another such document that was established by the European Union’s Court of Justice regarding personal data transfers. These transfers that take place between the United States and the European Union cannot be named safe harbor agreements because the data was not guarded from the prying eyes of U.S. spy agencies.
The E.U. and the U.S. managed to reach an agreement this month named the EU-US Privacy Shield. This new act is intended to replace the old safe harbor. However, it will be some time before it is implemented because European states are currently assessing whether it is good enough to protect the data of their citizens.
The data policy of Facebook states that it does comply with the US-Swiss and US-EU Safe Harbor, but it seems its problems go deeper. The data collection practices of the company tend to plant cookies on individuals who do not have accounts on the social media platform.
CNIL has demanded that Facebook stops gathering data from its users in order to use it in advertising, since this is neither the contract’s primary object, nor the intention of the users.
Furthermore, Facebook was previously ordered by the Privacy Commission of Belgium to stop the usage of the “datr” cookie that was used to collect data from account-less people who visited the site for a period of two whole years. Facebook claimed that the cookie was actually helping them make a difference between the legitimate and illegitimate visits on the website. However, CNIL has concluded that the cookie allows Facebook access to the browsing history of an individual that can cover a period of ten days.
The company stopped using “datr” but also decided to make public content inaccessible to people who do not have accounts. This basically means that people can only have access to the social media platform if they are willing to give personal data in return.
As a result, the company has been given 3 months to comply with the demands of CNIL. Otherwise, it will have to face sanctions as stated in the French Data Protection Act.
Since Facebook faces data transfer restrictions from France, maybe this is a first step towards the privacy of Internet users whose personal information is constantly being stolen by major corporations. Facebook has yet to comment on the matter.
Image Source: Social Matter