The Belgian Privacy Commission has attacked Facebook, claiming that the firm is knowingly breaking EU privacy laws.
The Commission made the claim in an own-initiative recommendation relating to Facebook, arguing that the company has not adequately responded to requests about its data collection and monitoring practices.
Specifically the Commission said that Facebook "disregards European and Belgian privacy legislation in several ways" and "refuses to recognise the application of Belgian legislation nor the Belgian Privacy Commission".
The document refers to questions raised by a paper produced by researchers at the University of Leuven and the Free University of Brussels on behalf of the Belgian Privacy Commission.
The paper accused Facebook of carrying out privacy-compromising operations without informing users or gaining their consent, and exploiting its dominant position in the social media market to "force users to accept its terms and conditions".
Facebook had previously dismissed the accusations, arguing that its European base is in Ireland and that it is beholden only to the Irish Data Protection Commissioner, with which it complies.
The Irish Data Protection Commissioner has already mounted two probes into Facebook's monitoring and alleged privacy infractions, and found nothing untoward.
A Facebook spokesperson reiterated the argument in a statement sent to V3 about the Belgian commission's latest attack.
"As we expressed to the [Belgian Privacy Commission] in person when we met, there is nothing more important to us than the privacy of our users, and we work hard to make sure people have control over what they share and with whom," read the statement.
"Facebook is already regulated in Europe and complies with European data protection law, so the applicability of the [Belgian Privacy Commission's] efforts are unclear.
"But we will of course review the recommendations when we receive them with our European regulator, the Irish Data Protection Commissioner."
The firm also indicated a belief that the Commission's attack is hypocritical and goes against the Article 29 Working Party's own guidance, which it says stipulates that a company should be regulated where it is established.
The Commission contested this claim, arguing that EU law means Facebook must meet the privacy and data protection laws of all 28 European countries in which it operates.
It added that the firm must also adjust its opt-in systems for cookies and plugins to "meet data protection requirements" and "adapt its user interface in such a way that it obtains its users' unambiguous and specific consent [from the user or webpage visitor]".
Willem Debeuckelaere, president of the Belgian Privacy Commission, pledged to continue pushing Facebook until these reforms are made.
"Facebook is the social network par excellence which almost half of all Belgians are a member of. The way in which these members' and all internet users' privacy is denied calls for measures," he said.
"With this recommendation we have taken a first step towards Facebook, and all internet stakeholders who use Facebook, in order to ensure they start working in a privacy-friendly way. It's bend or break."
Banking Trojan that 'wreaked havoc' in Europe and the US in 2014 may have absorbed NSA exploits to spread via network security flaws, not just phishing
Leaks in the run-up to Samsung Galaxy Note 8 launch pretty much gave it all away
Sonos Play 1 speakers cost £180, but customers could suffer if they don't agree changes to privacy policies
US government 'cyber czar' admits briefing against Kaspersky, but doesn't offer any firm evidence