CNIL issued formal notice to FACEBOOK for use of data transfer based on Safe Habor

The Chair of the Commission Nationale de l’Informatique et des Libertés (CNIL) issued formal notice to FACEBOOK to fairly collect data concerning the browsing activity of Internet users who do not have a FACEBOOK account. FACEBOOK must also provide account holders with the means to object to the compiling of their data for advertising purposes.

Europe’s highest court struck down Safe Harbor in October after reviewing Austrian privacy campaigner Max Schrem’s case against Ireland’s data-protection authority and his unmet demand for Facebook Ireland to stop transferring data to the US in light of the NSA’s PRISM surveillance program. CNIL has also ordered Facebook to stop collecting browsing activity of non-Facebook members without informing them it collects data by setting its ‘datr’ cookie to browsers that visit a public Facebook page.

FACEBOOK collects, without prior information, data concerning the browsing activity of Internet users who do not have a FACEBOOK account. Indeed, the company does not inform Internet users that it sets a cookie on their terminal when they visit a FACEBOOK public page (e.g. page of a public event or of a friend). This cookie transmits to FACEBOOK information relating to third-party websites offering FACEBOOK plug-ins (e.g. Like button) that are visited by Internet users.

The social network collects data concerning the sexual orientation and the religious and political views without the explicit consent of account holders. In addition, Internet users are not informed on the sign up form with regard to their rights and the processing of their personal data.The website also sets cookies that have an advertising purpose without properly informing and obtaining the consent of Internet users.

FACEBOOK compiles all the information it has on account holders to display targeted advertising (information provided by the Internet users themselves, collected by the website and by other companies of the group, and transmitted by commercial partners). As it is, the company provides no tools for account holders to prevent such compilation, which thereby violates their fundamental rights and interests, including their right to respect for private life.

FACEBOOK transfers personal data to the United States on the basis of Safe Harbor, although the Court of Justice of the European Union declared invalid such transfers in its ruling of October 6, 2015.