Italian regulators have fined Facebook 10 million euros for selling users' data without informing them.
Facebook "misleadingly gets people to sign up... without informing them in an immediate and adequate way of how the data they will provide will be harvested for commercial purposes", read a statement from Italy's AGCM consumer and market watchdog.
The authority has directed Facebook to publish an apology to users on its website and on its app.
Reacting to this, a Facebook spokesperson said they are reviewing the authority's decision.
"We hope to work with them to resolve their concerns. This year we made our terms and policies clearer to help people understand how we use data and how our business works," the spokesperson was quoted as saying.
"We also made our privacy settings easier to find and use, and we're continuing to improve them. You own and control your personal information on Facebook," the statement said.
Facebook Italy recently agreed to "make a payment of more than 100 million euros" to end a fiscal fraud dispute with Italian authorities.
Ireland's Data Protection Commission (DPC), which is Facebook's lead privacy regulator in Europe, in October opened a formal investigation into the fresh Facebook data breach which affected 50 million users, that could result in a fine of $1.63 billion.
"The investigation will examine Facebook's compliance with its obligation under the General Data Protection Regulation (GDPR) to implement appropriate technical and organisational measures to ensure the security and safeguarding of the personal data it processes," said DPC.