Italy’s Competition Authority on Friday slapped Facebook with two fines that total 10 million euros ($11.4M) for using people’s data for commercial purposes in ways that break the country’s laws.
Italy issued the first fine after deciding that the social network persuaded people to register for accounts on the platform without informing them during the signup process that their data would be collected and used for commercial purposes.
The second fine relates to passing user data onto third parties. Facebook ‘exerts undue influence on registered consumers’ to share data ‘without express and prior consent’ from its own platform to third-party websites and apps, the Competition Authority said in a press release. It says that Facebook is now obliged to publish a ‘corrective statement’ to all users via its desktop site and apps.
Facebook has endured a rough ride this year in terms of data scandals, starting with the Cambridge Analytica revelations in March. The company updated many of privacy settings around that time, in part as a response to the scandal and in part to comply with the EU’s new General Data Protection Regulation, which came into force in May.
The company said it’s reviewing the Competition Authority’s decision and hopes to work with the agency to resolve its concerns. It also pointed to the steps it’s taken in recent months to address privacy issues.
‘This year we made our terms and policies clearer to help people understand how we use data and how our business works,’ said a spokeswoman for Facebook in a statement. ‘We also made our privacy settings easier to find and use, and we’re continuing to improve them. You own and control your personal information on Facebook.’
The fine issued on Friday appears to be unrelated to both GDPR and Cambridge Analytica, but rather comes as a result of a separate investigation Italy opened in April of this year.
The only penalty the company received for data protection violations relating to Cambridge Analytica came in October from the UK’s watchdog, the Information Commissioner’s Office, in the form of a $645,000 fine. In November, the company was referred to Ireland’s data privacy watchdog for potentially violating GDPR due to the way it handles data.