A Timeline by the New York Times of Regulatory Actions against Facebook and Google

Facebook and it's privacy and data policies have been in the news of late with the revelation that a British voter analytics firm accessed  personal user data from up to 87 million Facebook accounts in connection with Donald Trump's presidential campaign. The resulting public outcry has focused attention on the data and privacy practices of the major U.S. technology companies, including Google. Below is a timeline prepared by the New York Times summarizing the significant regulatory actions recently taken by both U.S. and European Union regulators against Facebook and Google.

By Natasha Singer

March 24, 2018

Over the years, regulators on both sides of the Atlantic have cracked down on Facebook and Google for privacy violations. But as the European Union prepares to introduce comprehensive new data protection regulation in May, European regulators have been stepping up investigations into tech industry data practices.

MARCH 2011

The Federal Trade Commission for the first time requires a company to institute a comprehensive program to protect consumer data privacy

Google reaches a settlement with the F.T.C., which charged the company with using deceptive tactics and violating its own privacy promises to consumers. Google had enrolled Gmail users in its social network, Buzz, without effective ways for them to opt out of the service or limit the sharing of their personal details, the agency said.

NOVEMBER 2011

The F.T.C. goes after Facebook for exposing users’ information

Facebook agrees to settle charges by the F.T.C. that it deceived users by telling them that they could keep their profile information private and then repeatedly allowing it to be shared and made public.

 AUGUST 2012

The F.T.C. fines Google $22.5 million for Safari privacy violations

Google agrees to pay $22.5 million to settle F.T.C. charges that the company misled people who used Apple’s Safari browser by placing advertiser tracking codes, called cookies, on their computers after Google told them that they would be opted out of such tracking. Google also violated a previous settlement that prohibited it from misleading consumers over how they could control collection of their data, the agency said.

ADVERTISEMENT

SEPTEMBER 2012

Facebook turns off facial recognition in Europe after complaints that the company failed to ensure user consent

After an audit by Ireland’s data protection commissioner, regulators reportthat Facebook turned off its photo-tagging facial recognition feature for new users in the European Union and will delete facial template data it had already collected from users there. The commissioner’s office saidFacebook had not sufficiently notified users or obtained their explicit consent to use the feature.

MAY 2017

The European Commission fines Facebook $122 million, saying the social network misled regulators about WhatsApp

The European Commission fines Facebook $122 million for misleading regulators during their investigation of the company’s acquisition of the WhatsApp messaging service. The commission, the executive arm of the European Union, says Facebook told regulators that it would be unable to automatically match an individual user’s Facebook account with his or her WhatsApp account. But WhatsApp later announced that it would begin sharing user data with Facebook.

In December, the French Data Protection Authority orders WhatsApp to stop sharing data with Facebook or face penalties. And in March, a German court bars Facebook from using data from German users of WhatsApp for Facebook’s own purposes, upholding the ruling of a lower court.

DECEMBER 2017

German antitrust regulators censure Facebook’s data practices

In a preliminary finding, Germany’s Cartel Office reports that Facebook has abused its dominant position in the country by requiring users to allow it to endlessly amass data by tracking them through other online services. In February, the regulator says it planned to investigate whether the ability of large platforms like Facebook and Google to set up closed advertising systems and have access to user data was limiting market competition.

FEBRUARY 2018

A Belgian court tells Facebook to stop tracking users around the web

A court in Belgium rules that Facebook must stop tracking users on third-party sites and delete the data it had already collected. The court says Facebook hadn’t sufficiently informed users about the data it gathered on their use of sites outside the social network or how it used that data.

MAY 2018

A sweeping data privacy law is set to take effect in Europe, reshaping data collection practices

The European Union will put into effect a comprehensive privacy law, called the General Data Protection Regulation, that requires companies to obtain consent from users before processing their data and allows the authorities to fine companies up to 4 percent of their annual revenue if they fail to comply.

Natasha Singer is a business reporter covering health technology, education technology and consumer privacy. @natashanyt

A version of this article appears in print on March 24, 2018, on Page A26 of the New York edition with the headline: Feeling