The Belgian Privacy Commission on Friday won a privacy lawsuit against Facebook, with Brussels-based Court of First Instance finding the U.S. company guilty of a range of transgressions compromising the privacy of its users, ordering it to immediately delete any illegally obtained data or face daily fines of €250,000 ($311,000), up to €100 million ($124.5 million) cumulatively. As part of the same verdict, Facebook must stop tracking all data from Belgian users until it’s fully compliant with the measures mandated by the court, local news outlet HLN reports. The judicial body ordered Facebook to publish the entire 84-page verdict on its website and detail the measures taken in order to comply with the ruling in Belgian newspapers. The defendant said it will appeal the decision and is expected to officially do so by the end of the month. The appeal will be filed with the Correctional Court, a division of the country’s Court of First Instance.
The judicial authority concluded Facebook didn’t do enough to inform its users of all of their personal information it was tracking while they were signing up for an account on what’s now the world’s largest social network. The verdict also states Facebook didn’t accurately disclose its user data management practices such as revealing for how long it stores the data collected from its users, nor did it obtain explicit consent to mine it in the first place. A Facebook representative called the verdict “disappointing,” adding that users can already opt out of some of the firm’s data collection mechanisms and that both cookies and its other methods of mining data are a standard industry practice. Facebook also said it has recently been committing significant resources to establishing teams solely dedicated to informing consumers about the privacy implications of using its online services. The company was hit with a similar verdict in Germany earlier this month and said it will appeal that case as well.
The Belgian Privacy Commission that brought the case against Facebook likely won’t be the one that officially ends up seeing it through as it’s set to be replaced by the Data Protection Authority with a significantly wider jurisdiction this spring as part of the new set of privacy regulations entering into force in the European Union on May 25. The legislation will provide EU state members and their privacy watchdogs with the ability to issue much harsher fines to digital companies and other businesses found to be violating the privacy of their customers. In order to comply with the incoming ruleset, Facebook recently published its privacy principles but is still under significant pressure from the European Union to “do more,” much like Google+ and Twitter are.