Facebook fined again in Italy for misleading users over what it does with their data

Facebook has been fined again by Italy’s competition authority — this time the penalty is €7 million (~$8.4M) — for failing to comply with an earlier order related to how it informs users about the commercial uses it makes of their data.

The AGCM began investigating certain commercial practices by Facebook back in 2018, including the information it provided to users at sign up and the lack of an opt out for advertising. Later the same year it went on to fine Facebook €10M for two violations of the country’s Consumer Code.

But the watchdog’s action did not stop there. It went on to launch further proceedings against Facebook in 2020 — saying the tech giant was still failing to inform users “with clarity and immediacy” about how it monetizes their data.

“Facebook Ireland Ltd. and Facebook Inc. have not complied with the warning to remove the incorrect practice on the use of user data and have not published the corrective declaration requested by the Authority,” the AGCM writes in a press release today (issued in Italian; which we’ve translated with Google Translate).

The authority said Facebook is still misleading users who register on its platform by not informing them — “immediately and adequately” — at the point of sign up that it will collect and monetize their personal data. Instead it found Facebook emphasizes its service’s ‘gratuitousness’.

“The information provided by Facebook was generic and incomplete and did not provide an adequate distinction between the use of data necessary for the personalization of the service (with the aim of facilitating socialization with other users) and the use of data to carry out targeted advertising campaigns,” the AGCM goes on.

It had already fined Facebook €5M over the same issue of failing to provide adequate information about its use of people’s data. But it also ordered it to correct the practice — and publish an “amendment” notice on its website and apps for users in Italy. Neither of which Facebook has done, per the regulator.

Facebook, meanwhile, has been fighting the AGCM’s order via the Italian legal system — making a petition to the Council of State.

A hearing of Facebook’s appeal against the non-compliance proceedings took place in September last year and a decision is still pending.

Reached for comment on AGCM’s action, a Facebook spokesperson told us: “We note the Italian Competition Authority’s announcement today, but we await the Council of State decision on our appeal against the Authority’s initial findings.”

“Facebook takes privacy extremely seriously and we have already made changes, including to our Terms of Service, to further clarify how Facebook uses data to provide its service and to provide tailored advertising,” it added.

Last year, at the time the AGCM instigated further proceedings against it, Facebook told us it had amended the language of its terms of service back in 2019 — to “further clarify” how it makes money, as it put it.

However while the tech giant appears to have removed a direct “claim of gratuity” it had previously been presenting users at the point of registration, the Italian watchdog is still not happy with how far it’s gone in its presentation to new users — saying it’s still not being “immediate and clear” enough in how it provides information on the collection and use of their data for commercial purposes.

The authority points out that this is key information for people to weigh up in deciding whether or not to join Facebook — given the economic value Facebook gains via the transfer of their personal data.

For its part, Facebook argues that it’s fair to describe a service as ‘free’ if there’s no monetary charge for use. Although it has also made changes to how it describes this value exchange to users — including dropping its former slogan that “Facebook is free and always will be” in favor of some fuzzier phrasing.

On the arguably more salient legal point that Facebook is also appealing — related to the lack of a direct opt out for Facebook users to prevent their data being used for targeted ads — Facebook denies there’s any lack of consent to see here, claiming it does not give any user information to third parties unless the person has chosen to share their information and give consent.

Rather it says this consent process happens off its own site, on a case by case basis, i.e. when people decide whether or not to install third party apps or use Facebook Login to log into a third-party websites etc — and where, it argues, they will be asked by those third parties whether they want Facebook to share their data.

(Facebook’s lead data supervisor in Europe, Ireland’s DPC, has an open investigation into Facebook on exactly this issue of so-called ‘forced consent’ — with complaints filed the moment Europe’s General Data Protection Regulation begun being applied in May 2018.)

The tech giant also flags on-site tools and settings it does offer its own users — such as ‘Why Am I Seeing This Ad’, ‘Ads Preferences’ and ‘Manage Activity’ — which it claims increase transparency and control for Facebook users.

It also points to the ‘Off Facebook Activity‘ setting it launched last year — which shows users some information about which third party services are sending their data to Facebook and lets them disconnect that information from their account. Though there’s no way for users to request the third party delete their data via Facebook. (That requires going to each third party service individually to make a request.)

Last year a German court ruled against a consumer rights challenge to Facebook’s use of the self-promotional slogan that its service is “free and always will be” — on the grounds that the company does not require users to literally hand over monetary payments in exchange for using the service. Although the court found against Facebook on a number of other issues bundled into the challenge related to how it handles user data.

In another interesting development last year, Germany’s federal court also unblocked a separate legal challenge to Facebook’s use of user data which has been brought by the country’s competition watchdog. If that landmark challenge prevails Facebook could be forced to stop combining user data across different services and from the social plug-ins and tracking pixels it embeds in third parties’ digital services.

The company is also now facing rising challenges to its unfettered use of people’s data via the private sector, with Apple set to switch on an opt-in consent mechanism for app tracking on iOS this spring. Browser makers have also been long stepping up action against consentless tracking — including Google, which is working on phasing out support for third party cookies on Chrome.