Europe News

Facebook to appeal a Belgian court’s ruling on data privacy

Mark Scott
Facebook to appeal data privacy ruling

Facebook intends to appeal a privacy ruling in Belgium that forces the social media giant to stop collecting digital information about people who are not its users.

The ruling, announced late on Monday, is the latest in a number of European data protection cases that have engulfed Facebook, which collects reams of data on individuals' online activities to power its fast-growing digital advertising business.

Many of the Continent's data watchdogs, as well as the European Court of Justice, the European Union's highest court, have also taken a tough line on how American technology companies gain access to, manage and use people's digital information. The efforts are part of Europe's strict data protection rules that have enshrined an individual's privacy as a fundamental right on a par with freedom of expression.

Mark Zuckerberg, chief executive officer of Facebook Inc.
David Paul Morris | Bloomberg | Getty Images

In Monday's ruling, a court in Brussels said that Facebook could no longer collect and store online information from people in Belgium who do not have an account with the social network. The court said that Facebook did not have individuals' consent to gather the information.

The company had collected data on people's online activities — both those of Facebook users and those of people who do not have Facebook accounts — through so-called digital cookies. The cookies, tiny files that attach themselves to users' computers or smartphones, are embedded on Facebook pages and on those of other companies that have links to the social network though Facebook's "like" button.

Read More Why Facebook's ad revenue can keep growing: Analysts

Facebook will face daily fines worth up to $270,000 if it fails to comply with the court's decision, according to Belgian law.

In response, the company said that it had used cookies for more than five years without facing privacy complaints, and that it would now take its case to the Belgian Court of Appeal. But Facebook also said it would take steps to stop collecting online information about people in Belgium who do not use its site by the end of the week.

"We are working to minimize any disruption to people's access to Facebook in Belgium," Sally Aldous, a company spokeswoman, said in a statement.

The case was filed this year by Belgium's data protection authority, which had balked at changes to Facebook's terms and conditions that would have given the company greater say over how it collected and used individuals' online information.

In total, five European privacy regulators — from Belgium, France, Germany, the Netherlands and Spain — are investigating whether the company's new privacy conditions run afoul of their countries' domestic data protection rules.

Read More Facebook working on artificial intelligence that can tell what's in photos

Facebook has fought to limit the impact of those investigations, saying that only the Irish data protection authority has jurisdiction over its new privacy conditions because Facebook's international headquarters are in Dublin. Roughly 80 percent of Facebook's 1.4 billion users outside North America are managed through its Irish base.

Despite the company's efforts to rely on the Irish data protection regulator, though, many of Europe's privacy watchdogs have sought an increasingly greater say in how digital information about their citizens is handled.

That position became stronger last month after the European Court of Justice gave national authorities greater powers over how companies like Facebook and Google store online data.

The court said that people's digital information, like social media posts or search histories, could no longer be transferred to the United States under a 15-year-old agreement known as safe harbor. The judges ruled that the United States did not offer sufficient protection for Europeans if their data was misused by companies or by government agencies.

As part of its decision, the court also said that Europe's national privacy authorities had the right to intervene if they believed their citizens' data was at risk when companies moved information outside national borders.

And in a sign that regulators are taking advantage of their new powers, the Continent's data protection authorities have demanded that Europe and the United States agree to a strengthened trans-Atlantic data transfer deal by early next year. If those efforts falter, regulators may start to fine companies that misuse Europeans' online information. American and European Union officials are trying to negotiate a new pact.