The French data protection authority has ordered social media giant, Facebook to stop sending user data to the US, following a ruling from the European Union that negated a longstanding trans-Atlantic data transfer agreement. In an order very recently published, the data protection authority, known by its French acronym CNIL, also gave Facebook three months to desist from tracking the web activity of non-users without their consent. Facebook could face fines if it fails to comply, CNIL added.
In October, the European Court of Justice ruled that the trans-Atlantic data transfer agreement between Europe and the US, known as the Safe Harbor pact, was illegal on the basis that the US does not provide adequate privacy protections. A three-month deadline to establish alternative agreements ended last week, and although US and European officials agreed to a new framework last week, it has not been put into operation.
The negation of Safe Harbor provided the basis for CNIL’s order, though Facebook has said its data transfers are in accordance with EU law. “Protecting the privacy of the people who use Facebook is at the heart of everything we do,” a Facebook spokeswoman told Reuters. “We … look forward to engaging with the CNIL to respond to their concerns.”
Facebook is facing a number of privacy-related probes in Europe. In November, a Belgian court ordered the company to stop using cookies to track the web activity of its users, meaning that users must now log in to view Facebook pages, including public ones.