France’s privacy regulator on Monday threatened to fine Facebook Inc. if it doesn’t change some of its data tracking practices and halt transatlantic transfers under a recently invalidated data flow agreement.
The French order is the first significant action taken by a European data protection authority since the EU high court struck down the agreement last October over privacy concerns.
A working group that includes data protection authorities from 28 EU nations is expected to spend the next few months picking through the replacement to Safe Harbor — struck by the Commerce Department and the European Commission last week — to determine if it adequately protects the personal data of European citizens.
Critics have long warned that even with a new agreement, individual regulators could crack down on firms in their countries.
Legal sources tracking the new deal already expected that some countries might target large tech companies seen to have collaborated with U.S. surveillance efforts prior to reforms made under the Obama administration.
Facebook has three months to comply with the French regulator’s demands. According to the watchdog, the social media giant plants cookies on non-users’ computers and collects data on sexual orientation and the religious and political views of users without the explicit consent of account holders.
“The formal notice is made public due to the seriousness of the violations and the number of individuals concerned by the Facebook service (more than 30 million users in France),” the agency said in a statement.