According to Norwegian tech site NRKbeta, Facebook has been reported to data protection authorities for breaking European privacy law in Norway, The Netherlands, Belgium, Spain, Portugal, Italy, and Greece.
After the revelation of the Facebook Cambridge Analytica scandal, the social media giant has admitted that as many as 87 million people’s data was affected, or about 27 million more than originally reported. The company says that mostly US citizens were affected, but it’s now clear that the data collecting affected users in Europe as well
The reports to European data protection authorities, which were filed simultaneously by multiple consumer organizations, cite news coverage that Facebook didn’t adequately protect its users’ data — firstly by being careless about providing third parties access to it and secondly for not rectifying the breach when the company became aware of it back in 2015 — as a reason to investigate possible infractions in Europe.
The concerns of European consumer organizations are justifiable as it’s already been confirmed by the Norwegian news agency NTB that the data of as many as 37,550 Norwegians might have been affected by Cambridge Analytica’s thisisyourdigitallife, even though only 17 Norwegians actually downloaded the app.
TNW spoke to Bits of Freedom privacy expert David Korteweg about what would happen if Facebook was found guilty by data protection authorities. According to Korteweg, Facebook could be fined but the amount is likely too low to have a real effect (at least before GDPR‘s new four percent fines kick in) and it also varies between countries.
Data protection authorities can also force Facebook to stop or change certain practices, which could prove to be a more powerful tool. This might also turn out better for users in the long run, as the most important thing is to prevent breaches like this from happening in the future.
We reached out to Facebook for a comment and we’ll update this story if they get back to us.