What does this cover?

In a preliminary ruling the court in Brussels has charged Facebook with a daily fine of EUR 250,000 for breaches involving the profiling of data subjects. The case was brought by the Belgian Data Protection Authority (Belgian DPA), and the court followed a recommendation that the Belgian DPA had issued back in May this year.

The judgment discussed the scope of the cookie and profiling software used by Facebook in relation to targeted advertising and marketing, without any legal justification. This data processing was held to be in breach of EU data protection law due to the lack of consent from those data subjects involved in processing that was deemed to be for commercial purposes.

Facebook was given a 48 hour grace period to comply with the ruling, after which point the fine would activate and they would be required to pay EUR 250,000 to the Belgian DPA for each day on non-compliance.

Facebook is expected to appeal the decision.

To view the Belgian DPA's press release, please click here.

What action could be taken to manage risks that may arise from this development?

Financial services companies should ensure any targeted advertising and marketing it carries out complies with the relevant law.

Submitted by Rowena McCormack, Associate at DAC Beachcroft – Dublin, Ireland in partnership with DAC Beachcroft.