EU Slaps Facebook with $122m Fine Over User Data

EU Slaps Facebook with $122m Fine Over User Data

The European Commission has fined Facebook $122m for providing "incorrect or misleading" information during its purchase of WhatsApp in 2014.

The European Union’s antitrust regulators said that Facebook had originally insisted that it wouldn’t  combine its own data with that of WhatsApp, which has more than one billion users. It didn’t carry through on that promise, however—last August, the social network announced that it would begin doing just that. That sent up a red flag for those concerned that this kind of data scale offers an unfair advantage when it comes to advertising and psychometrics.

The fine comes in a week in which WhatsApp was fined €3 million by the Italian competition and consumer authority and Facebook was fined €150,000 by the French data protection regulator in relation to the companies' use of customer data. Also, a competition investigation in Germany into Facebook's privacy practices remains ongoing.

“Several transactions in recent years, including Facebook's acquisition of WhatsApp and Microsoft's acquisition of LinkedIn have been at least partly motivated by the desire to gain access to valuable data,” said Richard Craig, senior associate in the IT, telecoms and competition team at International law firm Taylor Wessing. “These transactions are facing increasing scrutiny, in particular by privacy advocates, who fear that these deals will lead to a degradation of privacy protection for consumers.”

Although antitrust regulators have been historically reluctant to consider privacy issues in competition cases, the drumbeat is growing louder when it comes to regulator scrutiny of those with access to big data. There is increasingly an imperative to ensure that these companies do not use that data in a way that harms competitors or consumers.

"The fine shows the importance of being fully transparent with competition regulators when filing for merger control clearance, although some will no doubt claim that the commission should have gone further and reopened the investigation into the transaction,” Craig added. "This is in large part as a result of an increasing focus on the relationship between the access that the major tech companies have to large and complex datasets and the potential for this to adversely affect competition.”

Meanwhile, UK Prime Minister Theresa May has announced that Facebook users will have the right to permanently delete information about themselves before they turn 18—extending the “right to be forgotten” to teenagers. This right is already enshrined in the EU's new General Data Protection Regulation, to go into effect in May 2018, which also will be signed into UK law. 

Source: Information Security Magazine