The Spanish Data Protection Authority slapped Facebook with a USD 1.4 million fine over three instances in which Facebook collected information on ideology, sex, religious beliefs, personal tastes, and browser history without properly notifying users what such information was being obtained for. Facebook has stated that it intends to appeal the decision.

This fine proves yet again the need to carefully evaluate the manner in which private information is collected, including what data subjects are informed about such collection and the actual use of the private information. There is no doubt the importance of this will substantially increase, especially when the GDPR enters into force in May 2018; these regulations will apply, inter alia, to certain activities of non-EU entities in the EU.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.