Facebook suffered a two-pronged attack from the European courts this week, over issues with how it collects and processes user data.

First, the Berlin Regional Court ruled the tech giant had failed to obtain consent from users to use their personal data for advertising purposes.

“Facebook hides default settings that are not privacy-friendly in its privacy centre and does not provide sufficient information about this when users register. This does not meet the requirement for informed consent.”  – Heiko Dünkel, Federation of German Consumer Organisations.

Next, the Brussels Court of First Instance ordered Facebook to stop tracking Belgian citizens’ online behaviour and to delete all data held on them. Facebook will be fined €250,000 per day if it fails to comply.

The court stated: “Facebook informs us insufficiently about gathering information about us, the kind of data it collects, what it does with that data and how long it stores it. It also does not gain our consent to collect and store all this information.”

This is the latest chapter in Facebook’s ongoing battle with the European courts, over data collection and processing. With the General Data Protection Act (GDPR) barely three months away, this is a sharp reminder of what’s to come, as Euro enforcers prepare to make an example of businesses, large and small.

The GDPR replaces the European Union’s Data Protection Act, and grants more power to punish companies that fail to comply. Companies flouting the new regulation could face fines of up to 4% of global annual turnover or €20m, whichever is greater.