BRUSSELS (by Julia Fioretti, Reuters) — The French data protection authority on Monday gave Facebook three months to stop tracking non-users’ web activity without their consent and ordered the social network to stop transferring personal data to the United States.
The French order is the first significant action to be taken against a company transferring personal data to the United States following an EU court ruling last year that struck down an agreement that had been relied on by thousands of companies, including Facebook, to avoid cumbersome EU data transfer rules.
The transatlantic Safe Harbour pact was ruled illegal last year amid concerns over mass U.S. government snooping and EU data protection authorities said firms had three months to set up alternative legal arrangements for transferring data.
That deadline expired last week meaning regulators can now start taking legal action against companies still relying on Safe Harbour for approval to transfer data.
“Facebook transfers personal data to the United States on the basis of Safe Harbour, although the Court of Justice of the European Union declared invalid such transfers in its ruling of October 6, 2015,” the French CNIL said in a statement.
The regulator said Facebook’s tracking of non-users through a cookie placed on their browser when they visit a Facebook page did not comply with French privacy law.
The U.S. company was already forced to stop tracking non-users in Belgium last year after the Belgian regulator took it to court.
If Facebook does not comply within three months it could be fined, the regulator said.
The audio problem: Learn how new cloud-based API solutions are solving imperfect, frustrating audio in video conferences. Access here