A day after imposing an $18.7 million fine on Google for violating Dutch privacy laws, the Netherlands' Data Protection Agency (DPA) shifted its eyes on Facebook.
The DPA announced on Dec. 15 that it has ordered Google to pay an incremental fine of 15 million euros because its use of personal data -- collected without consent from users using Google's more than 70 separate services, including its search engine as well as other websites that use Google cookies -- breaches the country's laws on the privacy of user data.
Facebook could now face the same fate in the Netherlands as the government turns to investigate the social network's newest privacy policy, which was announced in November and will take full effect on Jan. 1.
The new privacy policy aims to explain in simple terms what Facebook plans to do and not do with the personal information it collects. However, it still says that it will use data gleaned from users' posts, interactions, messages and devices to provide advertisements that are targeted toward individual users.
"We use the information we have to improve our advertising and measurement systems so we can show you relevant ads on and off our services and measure the effectiveness and reach of our ads and services," said Facebook.
This very line is the contention of the government-affiliated watchdog College Bescherming Persoonsgegevens (CBP), which has contacted Facebook to request to postpone the implementation of the new privacy policy until the body finishes its investigation. Furthermore, the DPA says that because Facebook has Dutch users, the Dutch government has authority to act as a supervisor over the American company.
However, Facebook says it was "surprised and disappointed" over the probe by the Dutch government but it was confident that its privacy policy, which was reviewed by the Irish data protection authority, will pass the Dutch government's scrutiny.
"We routinely review product and policy updates with our regulator, the Irish Data Protection Commissioner, who oversees our compliance with the EU Data Protection Directive as implemented under Irish law," Facebook stated.
If the Dutch government finds that Facebook's privacy policy violates Dutch regulations, the DPA can impose millions of dollars in fines against the social network as it did for Google, which was given two months to revise its privacy policy to accommodate the DPA's three demands.
The new Google privacy policy must request the "unambiguous consent" of users for combining data across Google's range of services, clarify which personal data are used by the different services, and make clear that YouTube is part of Google, the last of which the DPA says Google has already done in the Netherlands.
"Google catches us in an invisible web of our personal data without telling us and without asking us for our consent," said DPA chairman Jacob Kohnstamm. "This has been ongoing since 2012 and we hope our patience will no longer be tested."
