Today, the Spanish data protection agency (AEPD) fined Facebook 1.2 million euros ($1.4 million USD) in connection with how the company collects personal data for advertising purposes. The AEPD said Facebook did not get properly informed consent from users before exploiting this data as well as kept this data longer than it’s useful purpose.

In a statement, Facebook claimed the AEPD was wrong to say it showed people advertising based on personal data. It said ad-targeting was instead based on the interest people express by “liking” certain content on the social network platform.

Interestingly, EU law defines personal data as “any information relating to an identified or identifiable natural person,” so people’s “likes” would qualify as personal data.

Regarding data retention, when a social network user has deleted his account and requests the deletion of the information, Facebook captures and treats information for more than 17 months through a deleted account cookie. Therefore, the AEPD considers that the personal data of the users are not canceled in full or when they are no longer useful for the purpose for which they were collected or when the user explicitly requests their removal, according to the requirements of the local data protection law, which represents a serious infringement.

Facebook intends to appeal the decision, so we’ll have to wait and see how this plays out.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jim Merrifield Jim Merrifield

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes…

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes, including law firms and Fortune 500 companies, develop and implement practical information governance strategies, policies, and best practices. Jim is a well-respected expert in the information governance industry. With an extensive background in policy development and enforcement, enterprise program deployment, and technology solutions, he has earned a strong reputation as a knowledgeable practitioner and reliable consultant. His deep understanding of the space is reflected by his many publications, lectures, and consulting services for top-tier companies and law firms. Jim holds a bachelor degree in Legal Studies from Quinnipiac University and is a certified information governance professional (IGP).

Jim’s innovative thinking and commitment for the industry has enabled him to create the popular podcast, InfoGov Hot Seat, a platform for candid conversations featuring practitioners, consultants and solution providers – offering valuable perspectives to listeners about legal technology and managing information as an asset.