Italy: Penalty for Facebook
In 2015, it became public that the company Cambridge Analytica was collecting and reusing data from Facebook users and their friends without being asked. An app with Facebook login was used for this.
This data was used, among other things, to manipulate the US election. However, not only the data of the app’s users was collected, but also data about all Facebook “friends” of these users. Among these users were also 57 Italian people. However, a total of 214,077 profiles were used illegally by accessing the profiles of these individuals’ friends without their consent or knowledge.
In this penalty, the Italian data protection authority Garante per la protezione dei dati personali invoked the old data protection law, as the GDPR only came into force on May 25, 2018. If penalties were imposed in accordance with the GDPR, the penalty could have been significantly higher. Moreover, due to the size of Facebook, its many Italian users, and the seriousness of the violations, Facebook was unable to stop the investigation by paying a smaller fine.
However, the agency stresses that the data of app users’ friends was not transferred to Cambridge Analytica. Facebook claims to have since disabled the feature of being able to access Facebook “friends” through a Facebook login in an app. In addition, they now pay much more attention to data protection. However, it later came to light that the feature could still be used by selected companies.
Entscheidungsdatum:
01.07.2019
Land:
Italy
Art des Verstoßes:
Illegal data processing
Betroffene Datensätze:
57
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 1,000,000,-
Violation of GDPR Paragraph:
14. Information to be provided where personal data have not been obtained from the data subject
5. Principles relating to personal data processing
6. Lawfulness of processing
7. Conditions for consent
Quelle:
Decision of the Italian data protection authority (Italian)