Facebook Fined in Italy for Data Misleading Practices

Italian Competition Authority Fines Facebook Again

Facebook has received another financial penalty from Italy’s competition authority, amounting to €7 million (approximately $8.4M). This sanction stems from a failure to adhere to a previous directive concerning the disclosure of data usage practices to its users.

Initial Investigations and Previous Fines

The AGCM (Italian Competition Authority) initiated an investigation into Facebook’s commercial activities in 2018. This scrutiny focused on the information presented to users during registration and the absence of an option to decline data collection for advertising purposes.

Subsequently, in the same year, Facebook was fined €10M for two breaches of the nation’s Consumer Code.

Continued Non-Compliance

The regulatory body’s actions did not conclude there. Further proceedings were initiated against Facebook in 2020, alleging that the technology company continued to fail in providing users with “clear and immediate” information regarding the monetization of their data.

According to the AGCM’s press release, Facebook Ireland Ltd. and Facebook Inc. did not fulfill the requirement to rectify the problematic data usage practices, nor did they publish the requested corrective statement.

Misleading Users Regarding Data Monetization

The authority asserts that Facebook continues to mislead users during the registration process by not adequately informing them— “immediately and sufficiently”— that their personal data will be collected and utilized for commercial gain. Instead, the company highlights the ‘free’ nature of its service.

The information provided by Facebook was deemed to be too broad and lacked a clear distinction between data usage essential for service personalization and data usage for targeted advertising campaigns, the AGCM stated.

Prior Penalties and Corrective Orders

Facebook had previously been fined €5M for a similar issue— insufficient information regarding data usage. However, the authority also mandated a correction of the practice and the publication of an “amendment” notice on its website and applications for Italian users. The regulator reports that Facebook has not complied with either of these directives.

Legal Challenges and Pending Decisions

Facebook has contested the AGCM’s order through the Italian legal system, submitting a petition to the Council of State.

A hearing regarding Facebook’s appeal against the non-compliance proceedings was held in September of the previous year, and a ruling is still awaited.

Facebook’s Response

A Facebook spokesperson stated that the company acknowledges the AGCM’s announcement but is awaiting the Council of State’s decision on its appeal against the initial findings.

Facebook emphasizes its commitment to privacy and claims to have already implemented changes, including updates to its Terms of Service, to clarify data usage for service provision and targeted advertising.

Amendments to Terms of Service

Facebook previously informed authorities that it had revised its Terms of Service in 2019 to “further clarify” its revenue generation methods.

While the tech giant has removed a direct “claim of gratuity” from its registration process, the Italian watchdog remains dissatisfied with the extent of the changes, asserting that the information provided is still not “immediate and clear” enough regarding data collection and commercial use.

The Importance of Transparent Information

The authority emphasizes that this information is crucial for individuals to consider when deciding whether to join Facebook, given the economic value Facebook derives from the transfer of their personal data.

Defining a ‘Free’ Service

Facebook argues that a service can be legitimately described as ‘free’ if no monetary charge is imposed for its use. The company has also modified its messaging regarding this value exchange, replacing its former slogan, “Facebook is free and always will be,” with more ambiguous phrasing.

Opt-Out for Targeted Advertising

Regarding the lack of a direct opt-out for users to prevent their data from being used for targeted ads, Facebook maintains that there is no lack of consent. The company asserts that it does not share user information with third parties without explicit consent.

Facebook explains that this consent process occurs outside of its platform, on a case-by-case basis, such as when users choose to install third-party applications or utilize Facebook Login on external websites, where they are prompted for consent by those third parties.

Ongoing Investigations and User Control

(Ireland’s DPC, Facebook’s lead data supervisor in Europe, is currently investigating Facebook regarding the issue of ‘forced consent’— complaints were filed immediately after the implementation of Europe’s General Data Protection Regulation in May 2018.)

Facebook also highlights on-site tools and settings, such as ‘Why Am I Seeing This Ad’, ‘Ads Preferences’, and ‘Manage Activity’, which it claims enhance transparency and user control.

Off-Facebook Activity Setting

The company also points to the ‘Off Facebook Activity’ setting launched last year, which displays users with information about third-party services sharing their data with Facebook and allows them to disconnect that information from their account. However, users cannot request third parties to delete their data directly through Facebook; they must contact each service individually.

Recent Court Rulings

Last year, a German court dismissed a consumer rights challenge to Facebook’s slogan, “free and always will be,” on the grounds that the company does not require users to make monetary payments for service access. However, the court ruled against Facebook on several other issues related to data handling.

Furthermore, a German federal court has allowed a separate legal challenge to Facebook’s data usage practices brought by the country’s competition watchdog to proceed. A favorable outcome for this challenge could compel Facebook to cease combining user data across different services and from tracking pixels embedded in third-party websites.

Increased Regulatory Pressure

The company is also facing growing scrutiny regarding its data usage practices from the private sector, with Apple planning to introduce an opt-in consent mechanism for app tracking on iOS this spring. Browser developers are also increasing efforts to combat consentless tracking, including Google’s plan to phase out third-party cookie support in Chrome.