Facebook has been fined 150,000 euros ($166,000) by France’s data protection watchdog for failing to prevent its users’ data being accessed by advertisers.
Watchdog CNIL said its fine—which was imposed on both Facebook and Facebook Ireland—was part of a wider European investigation also being carried out in Belgium, the Netherlands, Spain, and Germany into some of Facebook’s practices.
The 150,000 euro fine is small in the context of the company, which has quarterly revenue of about $8 billion and a stock market capitalization which stands at around $435 billion. But it is the maximum amount the CNIL could fine when it started the investigation on the tech giant.
The CNIL can now issue fines of up to 3 million euros, after the passing of a new law in October 2016.
Last year, the French watchdog had given Facebook a deadline to stop tracking non-users’ web activity without their consent and ordered the social network to stop some transfers of personal data to the United States.
Facebook argued that the Irish data protection authority, not the CNIL, was the competent authority to formulate such orders, as the social media company’s European headquarters are located in Dublin.
In a statement on Tuesday, Facebook did not say whether it would now take action as a result of the fine.
“We take note of the CNIL’s decision with which we respectfully disagree,” Facebook said in a statement emailed to Reuters.
“At Facebook, putting people in control of their privacy is at the heart of everything we do. Over recent years, we’ve simplified our policies further to help people understand how we use information to make Facebook better,” it said.
The French order was the first significant action taken against a company transferring Europeans’ data to the United States following an EU court ruling last year that struck down an agreement that thousands of companies, including Facebook, had relied on to avoid cumbersome EU data transfer rules.
The transatlantic Safe Harbour pact was ruled illegal last year amid concerns over mass U.S. government snooping. EU data protection authorities said companies had three months to set up alternative legal arrangements for transferring data.
A new EU data protection law is set to enter into force in 2018, which could see companies get fined up to 4 percent of their global turnover if they fall foul of the new regulation.