The French data-protection regulator threatened Facebook with financial sanctions, should the company keep invading the privacy of its own users, as well as others.

The Commission Nationale de l'Informatique et des Libertés (CNIL) published a paper detailing the charges last Monday. The 17-page document points out how Facebook collects and uses information about its users or about others who do even not have a Facebook account.

CNIL warned Facebook that it has three months before being fined with sums that can reach as much as $168,000 (€150,000).

According to the report, users who do not own Facebook accounts are also tracked by the social media company, via buttons spread throughout the Web. CNIL demands that Facebook informs and asks for permission from those Internet users to have their data collected. The subject is sensitive due to the fact that Facebook gathers information regarding users' religion, sexual orientation and other personal information.

Another aspect that CNIL takes issue with is that Facebook sends European users' data in the U.S. This relies on the formerly legal agreement Safe Harbor, which was nullified by a decision of the European Union in 2015.

"[The order became] public due to the seriousness of the violations and the number of individuals concerned by the Facebook service," CNIL says.

The regulator approximates the number of affected users of about 30 million.

In retort, a Facebook representative says that the protection of its users is quintessential to the company.

"Protecting the privacy of the people who use Facebook is at the heart of everything we do," a Facebook spokesperson declares. She went on to add that the company is in line with the European Data Protection law and that meeting CNIL should help both parties reach an agreement.

It is not the first time that national regulators demand Facebook to stop scooping the users' info.

Late last year, Belgium's Privacy Commission ordered Facebook to refrain from tracking nonusers who visited other sites. A German regulator firmly asked Facebook to permit users to use pseudonyms on the social media platform.

The joined efforts of European regulators against Facebook are a sign that national data protection entities are growing stronger. In two years' time, the authorities will be able to fine big Internet players much heftier fines, as part of a new EU privacy law.

France is debating a new law which could allow CNIL to emit financial sanction earlier than that. One argument of the privacy advocates is that such legislation could balance the citizen vs. social network scales. Social media companies often face criticism due to their targeted online ads policies.

The companies say that, should the data privacy be enforced, many services will suffer a delay before arriving to Europe.

In the aftermath of the Belgium privacy complaint, Facebook declared it would stop collecting information on nonusers' browsing habits. The company also announced that other changes are in store: nonusers in Belgium will not be able to see public Facebook pages and Belgian users will have to go through more rigorous verification when signing in.

It remains to be seen how the French regulator vs. Facebook situation unfolds, but we will keep you posted.