Facebook declared it will appeal a recent decision by the Brussels Court of First Instance (see here) — Rechtbank van eerste aanleg - which could lead to further fragmentation of EU data protection standards by giving ground to local data protection authorities to regulate another aspect of data processing within their own borders.
The decision found the company liable for violation of Belgian privacy law for using cookies to track users who did not consent to the processing of their personal data and non users. Basically, according to the Belgian Court, Facebook was dropping “datr cookies” to track the behavior of Belgian users who do not have Facebook profiles. In brief, the Court ruled: (i) Belgian privacy law applies and the Belgian court has jurisdiction; (ii) the matter was to be settled urgently since fundamental rights and freedoms are violated; (iii) information collected through Datr cookies are “personal data”; (iv) Facebook violated Belgian privacy law by not obtaining users’ permission for the processing of such personal data.
The company faces one of the highest fines set forth by EU DPAs. It amounts to € 250,000 per day if fails to comply, starting November 11, 2015. The company declared that it will comply with the court’s order, but it will appeal the ruling (see here and here).
The decision is based on Belgian privacy law and it is the law in Belgium only. However, it could become a “precedent” for other EU privacy authorities, hence the importance of the issue for Facebook.
The full text of the decision rendered on November 9, 2015, by the Court of First Instance is available (in Dutch) at https://www.privacycommission.be…
For more information, Francesca Giannoni-Crystal