Social network giant Facebook was fined €1.2 million by Spain’s data protection watchdog for collecting data from users without telling them how it would be used.

The Spanish data protection authority said that Facebook’s privacy policy contains “generic and unclear terms,” and doesn’t go far enough to collect the consent of its users.

The watchdog said Facebook did not get properly informed consent from users before exploiting this information, and also noted that the company violated laws by not deleting data that was no longer useful for the reasons it was collected.

The consent issue qualified as a “very serious” infringement, meriting a €600,000 fine, while the other two qualified as “serious,” each garnering a €300,000 fine.

ALSO: Facebook begins plans to monetize WhatsApp

Facebook will most likely fight against the ruling, having had a similar fine overturned in Belgium.

The company said in response to the fine: “We take note of the DPA’s decision with which we respectfully disagree. Whilst we value the opportunities we’ve had to engage with the DPA to reinforce how seriously we take the privacy of people who use Facebook, we intend to appeal this decision.

“As we made clear to the DPA, users choose which information they want to add to their profile and share with others, such as their religion. However, we do not use this information to target adverts to people.”

“Facebook has long complied with EU data protection law through our establishment in Ireland. We remain open to continuing to discuss these issues with the DPA, whilst we work with our lead regulator the Irish Data Protection Commissioner as we prepare for the EU’s new data protection regulation in 2018.”