The French data protection authority the Commission Nationale de l’Informatique et des Libertés (CNIL) has issued Facebook with a formal notice to comply with European data protection law, reports Techcrunch. The company has been given three months to makes changes deemed necessary or face sanctions from the authority.
To comply, Facebook will need to stop collecting the browsing activity of French users that do not have Facebook accounts as well as stop transferring certain data to the US. This ruling is similar to the Belgian ruling from December, that prevented Facebook from tracking Belgian visitors that did not have Facebook accounts. Users from Belgium would need to log in or create an account to see public pages, and it’s likely French non-Facebook users will now need to do the same.
The CNIL ruling is based on EU law, and will potentially hold throughout EU. Other than France and Belgium, Netherlands and Germany are also a part of the task force investigating possible violations of EU law by Facebook. These rulings might set a precedent where Facebook will be refrained from tracking non-users through the EU. The Austrian Supreme Court is also currently deciding whether to allow a class action lawsuit against Facebook for privacy violation.
Safe harbour strike down: In October, a ruling from the European Court of Justice struck down the Safe Harbor mechanism which facilitated the transfer of personal data from the EU to servers hosted in the US, which essentially meant that user data generated in the EU would have to be hosted in the EU, and be governed by EU laws for data protection. Read more here.
A new deal called EU-US privacy shield is currently in the works, which calls for ruling out mass surveillance, protection and appeal mechanisms for EU citizens and more stringent obligations on the US processing data. The national data protection authorities in the EU are expected to come out with minimum standards and guidelines on a country by country basis.
Image source: Flickr user mkhmarketing