France has ordered Facebook to stop sending user-data information to US. Commission Nationale de l’Informatique et des Libertés(CNIL), a data-protection agency has ordered the social-media giant to stop transferring user-data without consent.

The move came after European Court of Justice ruled out in October last year that the trans-Atlantic data transfer agreement, Safe Harbor Pact, between Europe and the US was illegal.

“Facebook transfers personal data to the United States on the basis of Safe Harbour, although the Court of Justice of the European Union declared invalid such transfers in its ruling of October 6, 2015,” the French CNIL said in a report by The Verge.

CNIL gave Facebook only three months to fix this web-glitch and this has expired last week. EU and US agreed to a new framework after being struck down by the deadline. It has not come into action until now.

Facebook could also face sanctions, if it fails to fix the privacy-related issues. In its response it said “protecting the privacy of the people who use Facebook is at the heart of everything we do. We … look forward to engaging with the CNIL to respond to their concerns.”a Facebook spokeswoman told Reuters.

Following a privacy-probe, CNIL has ordered Facebook to notify all non-Facebook users that their information are tracked by cookies when they visit any Facebook page.

Facebook was earlier targeted for its privacy-related and information sharing issues. In November 2015, Belgium court ordered Facebook to take down its information-tracking practice when users are not logged in. Later in December, the company set out with a rule that the users must log-in to visit Facebook pages. And non-Facebook users can’t access the page.

“We had hoped to address the BPC’s concerns in a way that allowed us to continue using a security cookie that protected Belgian people from more than 33,000 takeover attempts in the past month,” a Facebook spokeswoman has told BBC.