PARIS — France’s data protection watchdog CNIL has fined Facebook 150,000 euros ($224,000) for failing to prevent its users’ data being accessed by advertisers.
The fine is small in the context of the company, which has quarterly revenue of about $US8 billion ($11 billion) and a stock market capitalisation which stands at about $435 billion ($586 billion). But it is the maximum amount the CNIL could fine when it started the investigation on the tech giant.
CNIL said its fine — which was imposed on both Facebook Inc and Facebook Ireland — was part of a wider European investigation also being carried out in Belgium, the Netherlands, Spain and Germany into some of Facebook’s practices.
The CNIL can now issue fines of up to 3 million euros ($4.5 million), after the passing of a new law in October 2016.
Last year, the French watchdog had given Facebook a deadline to stop tracking non-users’ web activity without their consent and ordered the social network to stop some transfers of personal data to the United States.
Facebook argued that the Irish data protection authority, not the CNIL, was the competent authority to formulate such orders, as the social media company’s European headquarters are located in Dublin.
In a statement on Tuesday, Facebook did not say whether it would now take action as a result of the fine.
“We take note of the CNIL’s decision with which we respectfully disagree,” Facebook said in a statement.
“Over recent years, we’ve simplified our policies further to help people understand how we use information to make Facebook better.”
The French order was the first significant action taken against a company transferring Europeans’ data to the US following an EU court ruling last year that struck down an agreement that thousands of companies, including Facebook, had relied on to avoid cumbersome EU data transfer rules.Follow @gorkhapost
Android apps may be illegally tracking children, study finds
Over 3300 free and popular children’s Android apps available on the Google Play Store could be violating child privacy laws, according to a new, large-scale study, highlighting growing criticism of Silicon Valley’s data collection efforts.
Researchers using an automated testing process have discovered that 3,337 family and child oriented Android apps on Google Play were improperly collecting kids’ data, potentially putting them in violation of the US’ Children’s Online Privacy Protection Act, or COPPA law (which limits data collection for kids under 13).
Only a small number were particularly glaring violations, but many apps exhibited behavior that could easily be seen as questionable.
Researchers analyzed nearly 6,000 apps for children and found that 3,337 of them may be in violation of the COPPA, according to the study report. The tested apps collected the personal data of children under age 13 without their parent’s permission, the study found.
“This is a market failure,” said Serge Egelman, a co-author of the study and the director of usable security and privacy research at the International Computer Science Institute at the University of California, Berkeley.
“The rampant potential violations that we have uncovered points out basic enforcement work that needs to be done.”
The researchers are adamant that they’re not showing ‘definitive legal liability.’ These apps may be running afoul of the law, but it’s up to regulators at the FTC to decide if they are. Without iOS data, it’s also unclear how common this problem is across platforms.
The potential violations were abundant and came in several forms, according to the study. More than 1,000 children’s apps collected identifying information from kids using tracking software whose terms explicitly forbid their use for children’s apps, the study found.
The researchers also said that nearly half the apps fail to always use standard security measures to transmit sensitive data over the Web, suggesting a breach of reasonable data security measures mandated by COPPA. Each of the 5,855 apps under review was installed more than 750,000 times, on average, according to the study.
Unfortunately for parents, there’s little consumers can do to protect themselves since the policies and business practices of app developers and ad tracking companies are often opaque, Egelman said.
The study also points to a breakdown of so-called self-regulation by app developers who claim to abide by child privacy laws, as well as by Google, which runs the Android platform, he said.