Belgian Court rules for Belgium’s Data Protection Commission against Facebook
In a decisive ruling, the Brussels Court of First Instance ruled on 16th February in an 84 page judgement that Facebook must stop placing cookies on users’ computers unless:
1 - It has informed users “in a clear and comprehensive manner, fully and accurately” about several points including:
- The circumstances when Facebook places these cookies and then collects the data
- The purposes for which Facebook uses these cookies
- The nature of the data that Facebook collects
- The recipients or categories of recipients of the data collected
- The existence of the right to object, access and rectification, and
- The retention period of the data Facebook collects via cookies and social plug-ins.
2 - The individuals have consented “freely, specifically and unambiguously to both the placement and use of these cookies”
- 3 - The individuals have been given the “option to refuse” the placement of these cookies.
The judgement also instructed Facebook to “cease providing information that might reasonably mislead data subjects”; to destroy within three months all personal data of every Internet user in Belgium obtained by means of cookies and social plug-ins; the publication of this judgement on Facebook’s website and in summary in the major Belgian newspapers.
The penalty for failing to comply with this judgement is a fine of 250,000 Euros per day up to a maximum of 100 million Euros, and payment of legal costs to Belgium’s Data Protection Commission.
Willem Debeuckelaere, President, Belgium’s Data Protection Commission, told Privacy Laws & Business that this is an important judgement as it is the first time that a Belgian court has ruled so clearly against Facebook. It came shortly after a similar judgement in a Berlin court.
Facebook claims that it works on the same principles as the other social media companies but Debeuckelaere says that Facebook should give a lead. He has tried to find a settlement by discussion. Going forward, his objective is that every company must work within the law now, and within the GDPR in the future. “The solution is a settlement not a punishment.”
A solution must be fair going beyond reformulating terms and conditions. He is “not an enemy of Facebook”. He wants to work with the company. But a major problem is when personal data is used for secondary purposes, for example, for marketing or in employment contexts.
He wants the next step to be consideration of these issues in the new EU Data Protection Board when it starts work in May.