CNIL Gives Facebook No Quarter on Safe Harbor

A man looking at the camera

Just over four months after the European Court of Justice declared Safe Harbor illegal, France’s Commission Nationale de l’Informatique et des Libertés has issued a formal warning to Facebook: stop collecting data from people who visit Facebook without an account, and stop sending data to the United States.

The company has three months to comply. Safe Harbor, a protocol allowing the transmission of user data from the E.U. to the U.S. in order for businesses to operate, came under fire after the revelation that tech companies in the United States were sharing user data with the federal government. It was declared invalid in October of 2015.

A replacement agreement—the EU-US Privacy Shield—has yet to be approved.

Facebook, for its part, told Tech Crunch that it, “like many thousands of European companies, relies on a number of the methods prescribed by EU law to legally transfer data to the US from Europe, aside from Safe Harbor.” Facebook was sued by Belgium last summer, forcing the company to change it tracking methods. It is being investigated by Germany, Spain, and the Netherland’s data protection authorities, as well.

Aside from Safe Harbor, CNIL has told Facebook to stop tracking people who visit Facebook without having an account, saying that the company sets tracking cookies without warning when non-users visit a public Facebook page.

The body also found that Facebook was setting advertising cookies “without properly informing and obtaining the consent of internet users,” which it uses to compile audience data and target ads for advertisers while providing no method for Facebook users to opt out of the compilation of their personal data. CNIL says that lack of control violates users’ “fundamental rights and interests, including their right to respect for private life.”

CNIL also takes issue with Facebook’s collection of users’ sexual orientations, political views and affiliations, and religion “without the explicit consent of account holders.”

Facebook has three months to fall in line with France’s Data Protection Act before CNIL imposes sanctions against the company.

When you follow French Morning’s English Edition on Facebook, Facebook follows you back.

A close up of a sign


Get your weekly dose of Frenchly’s news.

Read more

Frenchly newsletter.

A close up of a sign

Get your weekly dose of Frenchly’s news.

Frenchly Newsletter.

A close up of a sign

Get your weekly dose of Frenchly stuff.