By decision published on 7 December, the Italian Competition and Consumer Authority (AGCM) fined Facebook Inc. and its EU subsidiary Facebook Ireland Ltd. for a total administrative sanction of 10 million euros for two unfair commercial practices against the 31 million Italian FB users, in breach of the Italian Consumer Code (Legislative Decree 206/2005). The proceeding, which focused on two ongoing practices started in 2008, was initiated last April following several complaints of the consumer associations Altroconsumo, Movimento Difesa del Cittadino and Unione Nazionale Consumatori.
According to AGCM, FB implemented a first misleading practice, prohibited by Articles 21 and 22 of the Consumer Code, by not providing the users with adequate information in the initial registration in the FB platform (website and app). Leveraging on the claim "Sign up, it's free and it will be forever", FB emphasised the free nature of the social network, without highlighting the marketing purposes of the personal data collection.
FB put in place a second aggressive practice, prohibited by Articles 24 and 25 of the Consumer Code, against registered users, whose data are transmitted from the FB platform to third party websites / apps and vice versa without the prior express consent of the interested party, for profiling and commercial purposes. As pointed out by AGCM, FB pre-selects the “Active Platform” function – which allows the data sharing – while the user’s opt-out is unduly discouraged by FB by threatening negative consequences in the use of both FB and third-party websites and apps.
During the proceedings, FB argued that the provision of “free services” (such as those of the social network) would not give rise to an economic activity within the meaning of the Consumer Code. In rejecting this argument, AGCM confirmed that the use of data for marketing purposes triggers a “consumer relationship” also in absence of monetary consideration
Moreover, FB alleged that AGCM was acting “beyond its powers” since the competence to ascertain the conducts was up to the Irish Data Protection Commissioner. In rejecting the objection, AGCM confirmed its competence by noting that “the fact that privacy laws are applicable to the [FB]'s conduct does not exempt it from respecting the rules on unfair commercial practices”. While the privacy legal framework, entrusted to the Data Protection Authority, protects personal data, “the Consumer Code, in the domain of unfair commercial practices, aims to protect the consumer from economic choices induced by misleading and aggressive practices that are not specifically regulated”. According to AGCM, therefore, data protection and consumer laws “have a different material scope and pursue distinct interests. Consequently there is no conflict between the two legal frameworks, which are complementary”[1].
In addition to the pecuniary sanction, AGCM condemned FB to publish an “amending declaration” on its website and app, in order to prevent the two unfair practices from continuing. FB may decide to challenge the AGCM’s decision before the Administrative Court for Lazio within the next 60 days.
[1] Courtesy translation from the Italian official text.