France's privacy regulator has ordered Facebook to stop tracking non-users within three months.
In a 16-page ruling issued Monday, France's CNIL found fault with data collection by Facebook at its
own site, and at the sites of outside publishers with "Like" buttons.
"While the purpose claimed by the company may seem legitimate (ensuring the security of its services), collecting data on
browsing activity by non-account Facebook holders on third-party websites is carried out without their knowledge," the CNIL wrote.
The regulator also said that Facebook violates EU privacy law
by placing cookies on the computers of visitors to Facebook.com without first obtaining their consent.
Last year, authorities in Belgium also ordered Facebook to stop tracking non-users.
Several weeks later, Facebook began preventing non-account holders in Belgium from
accessing Facebook.com. In the past, anyone in that country could access many Facebook pages found through search engines, including pages for small businesses, sports teams, celebrities and tourist
attractions.
The CNIL also said in its Monday ruling that Facebook can't send data about EU citizens to U.S. servers, due to a ruling last October that invalidated an agreement that enabled
the data transfers. While EU and U.S. authorities recently negotiated a new agreement, it has not yet been finalized.
A Facebook spokesperson said the company is "confident" that it complies
with the European privacy law and looks forward "to engaging with the CNIL to respond to their concerns."