Facebook's complicated privacy settings make it hard for users to control their data, said the report
Facebook has been accused of breaking European data-protection laws, in a report written for Belgium's privacy watchdog.
The social network placed "too much burden" on users to navigate its complex settings, said the report.
Also, it said, people were not told enough about how data Facebook gathered on them was used in adverts.
In response, Facebook said it was confident its policies and terms complied with relevant laws.
Complicated collection The report was drawn up in response to Facebook's announcement it was updating its privacy policy and its terms and conditions. The updated terms were implemented on 30 January.
The report, written by academics from the University of Leuven, said the changes were not "drastic" but instead clarified what Facebook had been doing for some time.
The clarification led the report's authors to conclude that Facebook was "acting in violation of European law" governing:
- how data is gathered about people
- what is done with the information
- how people are informed about these practices
Users should get more information about which information was being shared with and which organisations saw it, added the report.
In response, Facebook said its updated terms and policies were much clearer and concise and helped "expand" the control people had over advertising.
It said its privacy policies and terms were overseen by the Irish data protection commissioner, which made sure they both complied with broader European laws on how data was gathered and used for advertising.
"We're confident the updates comply with applicable laws," it added.
The report comes as European law makers are grappling with a significant update to the region's data-protection regime. The updated laws are expected to be in force from 2017 onwards.