The famously frosty French may be Facebook addicts like most of the rest of us, but that doesn't mean it wants the social media giant to be gathering information from non-users.
The country's data regulation authority, Commission nationale de l'informatique et des libertés (CNIL), issued a demand to Facebook to comply within three months with the French Data Protection Act, which means it must stop some personal data transfers to the United States. The social network must also must cease collecting data from non-Facebook members.
The transfer of personal data to the United States on the basis of Safe Harbor was declared invalid by the Court of Justice of the European Union in October.
The CNIL performed on site and online inspections, as well as a documentary audit, in order to verify that Facebook was acting in compliance with the French Data Protection Act, and found several failures.
These include setting cookies that have an advertising purpose without properly informing and obtaining the consent of Internet users, as well as collecting -- without prior information -- data concerning the browsing activity of Internet users who do not have a Facebook account.
The CNIL also charged that Facebook compiles all the information it has on account holders to display targeted advertising. In turn, company provides no tools for account holders to prevent such compilation, which the authority said violates fundamental personal rights and interests, including the right to respect for private life.
"The social network collects data concerning the sexual orientation and the religious and political views without the explicit consent of account holders," a Feb. 8 statement from CNIL added. "In addition, Internet users are not informed on the sign up form with regard to their rights and the processing of their personal data."
The French explained the notice is not a sanction and the procedure would be publicly closed if Facebook complies with the French data protection Act within the time limit of three months.
However, if Facebook and its Ireland-based subsidiary, Facebook Ireland Limited, do not comply with the request, the chairperson of the French data authority could appoint a "rapporteur," who might refer the matter to the CNIL's Select Committee, which could result in a number of different sanctions against Facebook.
"Protecting the privacy of the people who use Facebook is at the heart of everything we do," a CNIL spokeswoman told Reuters. "We look forward to engaging with the CNIL to respond to their concerns."
The CNIL also noted the investigations conducted by the Belgian, German, Spanish, and Dutch data protection authorities are ongoing at the national level and within an international administrative cooperation framework.
Back on our side of the pond, recent privacy efforts have been less robust. The US Federal Communications Commission (FCC) recently rejected a consumer group's request to force websites "like Google, Facebook, YouTube, Pandora, Netflix, and LinkedIn" to honor "Do not track" requests from users.
The petition, filed by California-based nonprofit Consumer Watchdog in June, asked that these kinds of websites should allow people to use their services without giving them derived data in return.
Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for InformationWeek's Pearl Award. Full details and a submission form can be found here.