Facebook feels sharp end of Spanish privacy stick

Facebook has been slapped with a fine from the Spanish data protection watchdog for inappropriately collecting and using personal information on some of its Spanish users.

The fine, although a bit of a meagre one, is for violating Spain’s Organic Law on Data Protection (LOPD), with the Spanish data protection agency, the AEPD, identifying two separate instances where Facebook has collected and monetized personal information without the consent of the user. This information included ideology, sex, religious beliefs and personal tastes, and was collected from third party pages without clearly informing the user.

In short, the AEPD has simply stated Facebook has not done enough to educate the user. This lack of education is a source of frustration for some in the industry, who might believe the tech companies who make such monstrous amounts of cash from personal data have a duty to educate the user on how information is used.

To date, few have made a point of enforcing this education, though this at least seems to show some intention of heading that route. The AEPD is implying Facebook needs to do more to improve awareness of how personal information is used in the digital economy, but whether this actually leads to any changes remains to be seen.

“Agency considers that Facebook does not adequately collect the consent of either its users or those who are not – and whose data are also treated, which constitutes a serious infringement,” the AEPD has said in a statement.

“Finally, the Agency has been able to verify that Facebook does not eliminate the information that it collects from the habits of navigation of the users, but retains and reuses it later associated with the same user.”

If you want to make money personal information, you at least have to tell the users that you are doing it. It seems like a fair trade off, but it doesn’t seem to be the norm.

Another interesting angle on this saga is the non-Facebook users which might be involved. The AEPD has noted Facebook has been collecting information on non-Facebook users who navigate through third-party pages associated with the platform, and storing for potential use later. Some might argue the information cannot be collated into one record, but most will assume companies like Facebook are smart enough to do that. Is anyone safe from the Facebook advertising machine?

But before haters of the social-media endemic start up the party play list, the fine is a grand total of €1.2 million. This might be a substantial amount to some businesses, but it hardly puts a scratch on the $9.164 billion revenues it reported in the last quarter.

This is part of the problem with data protection regulations and watchdogs; they need to sharpen their teeth. A fine of €1.2 million will keep the likes of you and me in check, but it is hardly going to be a concern for Facebook, Google, Amazon, Netflix or any of the other giants. The most likely violations of data protection rules are going to come from the big boys, and unless there is an appropriate punishment, the violations will not stop.

Data protection watchdogs around the world need to grow-up and start doing their jobs properly. Finding the issue is not that complicated; fixing it is another matter. And unless they start getting serious about the amount violators are fined, they will continue to be viewed as nothing more than a minor irritation in the middle of the day.