France gives Facebook 3 months to stop spying on non-users, FB agrees to comply

French authorities have given Facebook three months to stop collecting private browsing activity from Internet users who do not have an account with the social media network.

France’s National Commission of Information and Freedoms (CNIL) has issued a formal notice to Facebook Inc, and Facebook Ireland Limited to comply with the French Data Protection Act.

According to the CNIL report, if Facebook doesn’t comply with the notice, they will appoint a “rapporteur” to determine whether a sanction will be imposed upon the social media Goliath.

How is Facebook collecting non-user data?

Whenever someone visits a public Facebook page, whether they are a registered Facebook user or not, the social media company sets up a cookie that continues to monitor the Internet user’s browsing activity.

This can even mean that by visiting a site with a Facebook plugin, just like The Sociable’s “share” button, Facebook can setup cookies to track your activities after leaving the page.

“This cookie transmits to FACEBOOK information relating to third-party websites offering FACEBOOK plug-ins (e.g. Like button) that are visited by Internet users,” according to the CNIL report.

The data collected ranges from a user’s sexual orientation, as well as religious and political views. The cookies are also used for advertising purposes to third-party websites without the user’s knowledge or consent.

Read More: Private data collection: from Facebook apps to a generation of microchipped biohackers

Even registered users of Facebook are “not informed on the sign up form with regard to their rights and the processing of their personal data.”

“As it is, the company [Facebook] provides no tools for account holders to prevent such compilation, which thereby violates their fundamental rights and interests, including their right to respect for private life,” the CNIL report stated.

Facebook had been operating and collecting data under the US Safe Harbor system; however, it was declared “invalid” by the European Union’s Court of Justice in October of last year.

With regards to the 30 million users in France, Facebook issued this response to Forbes, “Protecting the privacy of the people who use Facebook is at the heart of everything we do. We are confident that we comply with European Data Protection law and look forward to engaging with the CNIL to respond to their concerns.”