Spain - Facebook slapped with €1.2M fine for violating data protection regulations

Spain – Facebook slapped with €1.2M fine for violating data protection regulations

Pierluigi Paganini September 12, 2017

The Spanish Data Protection Agency (AEPD) has issued a €1.2 Million fine against Facebook for violating data protection regulations.

Other privacy problems for the tech giant Facebook, the company has been fined for a series of privacy violations in Spain.

The Spanish Data Protection Agency (AEPD) has issued a €1.2 Million fine against Facebook for violating data protection regulations.

According to the AEPD, the social network giant collects users’ personal data without informed and ‘unequivocal consent’ for commercial purposes. It is sharing the data with advertisers and marketers without informing users, the company collects sensitive data on user’s ideology, religious beliefs, sex and personal tastes and navigation.

“The Agency notes that the social network collects, stores and uses data, including specially protected data, for advertising purposes without obtaining consent.

The data on ideology, sex, religious beliefs, personal preferences or browsing activity are collected directly, through interaction with their services or from third party pages without clearly informing the user about how and for what purpose will use those data” states the AGDP.

“Facebook does not obtain unambiguous, specific and informed consent from users to process their data, since the information it offers is not adequate”

The list of violations continues, Facebook doesn’t totally cancel information when no longer needed for the purpose they were collected.

The Spanish Agency considered identified two serious and one very serious infringements of the Data Protection Law and imposes on the company a sanction of 1,200,000 euros.

The AEPD fined Facebook for €600,000 due to a “very serious” infringement, while the remaining two serious violations are:

Tracking people through the use of “Like” button social plug-ins embedded in other non-Facebook web pages (FB slapped with €300,000).
Failing to delete data collected from users once it has finished using it (FB slapped €300,000).

The AEPD accuses Facebook of using a privacy policy containing “generic and unclear terms,” and that doesn’t “adequately collect the consent of either its users or nonusers, which constitutes a serious infringement.”

Below the reply of Facebook to the accusations:

“We take note of the DPA’s decision with which we respectfully disagree. Whilst we value the opportunities we’ve had to engage with the DPA to reinforce how seriously we take the privacy of people who use Facebook, we intend to appeal this decision.”

“As we made clear to the DPA, users choose which information they want to add to their profile and share with others, such as their religion. However, we do not use this information to target adverts to people.” states Facebook.

In May, the company was fined €150,000 because the techniques used to target advertising and track users.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – social network, privacy)

[adrotate banner=”12″]

Pierluigi Paganini June 28, 2025

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

Pierluigi Paganini June 27, 2025