It’s not the first time it’s happened. In the last 7 months, the AEPD has imposed almost 2 million euros in sanctions on the company.
But this may be the first time many of us have seen Mark Zuckerbeg in a suit instead of his forever gray shirt, but the occasion called for it. It was the Facebook founder’s appearance in the Senate and a day later in the US Congress to account for the massive leak of personal data of millions of users by British consultancy Cambridge Analytica. These won’t be the only explanations Zuckerberg has to give for this scandal.
It is understood that Facebook should be in direct communication with anyone affected by the inappropriate use of their data since last April 9th. However, as of April 11, there is still no evidence in Spain that any of the 136,985 people believed to have been affected have received any notification or that no one has filed complaints in the matter. The only thing that is certain is that Spanish Data Protection Authority launched an ex officio investigation last week to find out the true extent of the scandal in our country. “Given that these investigations are still ongoing, we cannot provide much more data,” the agency’s press office said.
Nor can we speak with great accuracy about the number of users really affected in our country, since these 137,000 mixed are always offered conditionally. “I have no idea where that number came from,” he says. Alexander Tourinfrom Ecija Lawyers– The same is due to a statistical distribution, but I say it as a joke because I really don’t know.
Official announcements from Facebook detailing the extent of the scandal are said to be a letter to the European Commission, which speaks of 2.7 million affected and the 87 million it recognizes on a global scale. However, the figures are in principle estimates, since the calculation is based on the 270,000 users at a global level -44 in Spain- who confirm that they have downloaded the Cambridge Analytica application “This is your digital life” to carry out a study. According to some publications, this application made it possible to collect information not only from the people who downloaded it but also from their contacts on Facebook.
In a somewhat belated transparency statement, Mark Zuckerberg apologized for what had happened and accepted his share of responsibility for the safety deficiencies and announced reforms in this regard.
It’s also true that Facebook has said that those who want to confirm whether or not they’re affected can check via the NewsFeed option of the news, the same place that Facebook posts your birthday or the time, too who you had contact reports with a specific person. They also claim to have enabled a query page that only shows if Cambridge Analytica used your data but no other possible similar uses. But according to Luis Gervas of PisaAdvocate for the Association of Reunited Consumers acoreo, these proposals do not seem serious in the face of a scandal of this magnitude. “It remains to be seen whether Facebook’s communication is clear enough, because on other occasions (for example when it announced that it would be able to read the content of private messages for advertising purposes) the information was anything but transparent in my view. ” confirms the lawyer, for which he recommends users to contact the company by mail with a personal cover letter asking for specific information about their account.
For those ultimately involved, there are several options: ignore and do nothing, notify the Spanish Data Protection Agency, or file a lawsuit. Gervás de la Pisa clarifies that the investigation launched by the AEPD in this case could lead to a fine for Facebook, the amount of which would go to public coffers. Another possibility is that each data subject decides to appeal to the courts and file a lawsuit which, if positive, would allow the data subject to claim compensation. In any case, the investigation is the same since the offense coincides. For its part, the AEPD reports that “if complaints were received from users regarding this case, they would be included in the file of the investigative actions launched by the agency on April 5”.
Almost 2 million euros in fines in 7 months
Regarding Facebook’s statement of intent, given the repeated sanctions that the company has accumulated only in Spain, one can suspect the correctness of the same. Thus, in the last 7 months alone, the Spanish agency has taken several actions against Facebook, with the consequence of sanctions for various violations of the Organic Data Protection Code. They are the following:
-A decision last August by which the AEPD imposed a sanction on Facebook €1,200,000 after reviewing 2 serious violations and 1 very serious. Among many other violations, one was the processing of data, “also specially protected, for advertising purposes without obtaining consent and not completely deleting user information when it is no longer useful for the purpose for which it was collected or when they request it ‘ the agency said in a press release.
– Shortly thereafter, in October 2017, they decided on a new sanction, this time by €150,000 “for violating Article 10 (Obligation of confidentiality), noting that the Facebook chat service allows third parties to permanently see the rhythm and connection actions of a user declared as a “friend”, without the user being able to take any action on it .
– Another was resolved this month and imposed a sanction of €300,000 to Facebook and a similar amount to WhatsApp (Application owned by Facebook) by declaring a breach of Article 6 to Facebook (for treatment without consent) and of Article 11 (Data transfer) to WhatsApp for the transfer of user data from the latter entity to the former.
For their part, from Acoreo, they make their legal services available to all those affected who wish to file a lawsuit and claim damages. In this sense, Gervas de la Pisa recalls that he recently managed to fine Facebook and WhatsApp along with other complainants of 600,000 euros and that in 2016 he obtained a fine of 150,000 euros against Google.
It should also be noted that in the current scandal, some users in the US are considering suing not only Facebook for insecure and compromised data security, but also Cambridge Analytica for unauthorized use.