Newsletter March 2021 – Data protection violation through an ‘unclear’ privacy policy: 7-million euro fine against Facebook in Italy

Even higher, however, is the fine that the Italian competition authority (AGCM) has now imposed on Facebook. Facebook is to pay 7 million euros for not having sufficiently informed users about how their data is actually used.

Facebook had not sufficiently informed users who registered on the platform about how the company used their data, the antitrust authority stated. The online network apparently failed to implement requirements imposed back in November 2018.

The information provided to users was found to be incomplete and unclear. Users are allegedly left unable to distinguish which data is used for advertising purposes and which data is used to create a profile that serves the user’s purposes. This was held “deliberately misleading” during the registration process.

Another criticism is that Facebook does not make its commercial intentions clear, but only repeatedly emphasizes that the service is free to use.

Facebook was also found to have failed to amend its privacy policy following a previous ruling from 2018. Facebook disagrees and has pointed out that it is still appealing this decision. Rather, Facebook finds that it had sufficiently changed the terms of use to make them more understandable.

In the United States, Facebook notably had to accept an even higher fine for data protection violations. Following the ‘Cambridge Analytica’ scandal, the social network had to pay more than 5 billion U.S. dollars in 2019.