Belgium's privacy watchdog accused Facebook (FB.O) of trampling on European privacy laws by tracking people online without their consent and dodging questions from national regulators.
The Privacy Protection Commission (CPVP/CBPL), which is working with German, Dutch, French and Spanish counterparts, launched the blistering attack after trying to find out more about the U.S. social media giant's practices.
It urged Internet users to install privacy software to shield themselves from Facebook's tracking systems, whether they have an account with the social network or not.
The show of strength from the Belgian regulator, which does not have the power to levy fines, highlights a growing willingness across the 28-member bloc to demand that big U.S. tech companies abide by European laws.
"Facebook tramples on European and Belgian privacy laws", the Commission said after publishing a report analyzing changes that the company made to its privacy policies in January.
It said in a statement that Facebook had refused to recognize Belgian and other EU national jurisdictions, insisting it was subject only to the law in Ireland, the site of its European headquarters.
"Facebook has shown itself particularly miserly in giving precise answers," the watchdog said, adding that the results of the study by a group of researchers were "disconcerting".
A Facebook spokeswoman questioned the Belgians' authority but said it would review the study's recommendations with the Irish data protection commissioner: "We work hard to make sure people have control over what they share and with whom."
"Facebook is already regulated in Europe and complies with European data protection law, so the applicability of the CBPL's efforts is unclear," she said.
Some EU states accuse Ireland of being soft on the multinational firms it wants to attract, whether in data protection or corporate taxation.
SECOND REPORT
The commission said it would publish a second report on Facebook this year. Sanctions available to privacy watchdogs can be negligible to big firms, but a new EU data protection law expected to be ready this year would allow for fines up to 5 percent of annual sales.
The commission said Facebook would not explain in detail how it uses data it collects. It highlighted problems with plug-ins such as Facebook's "Like" button, which it said affected many who do not have a Facebook account.
A number of firms are under fire in Europe over the data they collect. Facebook places tracking "cookies" when anyone visits a Facebook page, meaning it can track the online activities of a huge number of non-customers, but has said this is a bug that it is working to fix.
The Commission asked Facebook to stop gathering user data via cookies and plug-ins, except where users asked for it.
European regulators have previously forced Google (GOOGL.O) to change its privacy policies.
And a year ago, EU judges upheld a Spanish order that Google must remove links to outdated information from searches for people's names — establishing a "right to be forgotten".
EU anti-trust regulators launched a case against Google last month and are probing Apple (AAPL.O) and Amazon (AMZN.O) over low-tax deals with Ireland and Luxembourg. The European Commission is studying whether to pursue German and French proposals for an EU-wide regulator for Internet platforms.
Some European politicians, also angered by revelations of US espionage in Europe, say U.S. firms abuse their power, discouraging local start-ups and jeopardizing privacy laws cherished by Europeans with memories of authoritarian rule.
U.S. President Barack Obama, who is trying to negotiate a landmark transatlantic free trade deal with the EU, TTIP, says Europe is throwing up protectionist barriers to tech companies.