Not a GDPR fine, but, according to press reports, Facebook has been fined €10M by the Italian consumer protection authority arising out of its use of subscriber’s data. The reports say that FB breached the Italian Consumer Code by misleading users about the commercial use of their data and not making it clear to users that, although the service was ‘free’ in a monetary sense, there was a profit in it for FB in the use of data.
We will provide a fuller report on the case. This should not be ignored by those responsible for privacy compliance elsewhere in Europe, because it is likely that the Italian law on which this decision is based is in place to comply with the EU Directive on Unfair Commercial Practices (2005/29/EC), so the same decision could be reached in the UK or elsewhere in the EU.
Link to press report (The Guardian): https://www.theguardian.com/technology/2018/dec/07/italian-regulator-fines-facebook-89m-for-misleading-users