Facebook has been fined the maximum penalty — 150,000 euros (AU$224,000) — by the French data protection watchdog the CNIL after failing to guard web activity data from being accessed by advertisers.

The CNIL said in a statement that the fine was the result of a European investigation into the tech giant’s practices.

It marks the first significant action taken against a company transferring Europeans’ data to the United States.

The fine was imposed on Facebook Ic and Facebook Ireland, but ongoing investigations were also being carried out in Belgium, the Netherlands, Spain and Germany.

While 150,000 euros was the maximum fine the watchdog could impose, a new law introduced in October could see the CNIL impose future penalties as high as $3 million euros (about AU$4.48 million).

The CNIL last year requested that Facebook stop tracking non-users’ web activity without consent. It also ordered the social network to halt all transfers of personal data to the United States.

In a statement provided to Reuters, Facebook failed to detail whether it would take action following the watchdog’s decision.

“We take note of the CNIL’s decision with which we respectfully disagree,” it read.

“At Facebook, putting people in control of their privacy is at the heart of everything we do. Over recent years, we’ve simplified our policies further to help people understand how we use information to make Facebook better.”

Facebook argued that it was the responsibility of the Irish data protection authority to impose such an order, rather than the CNIL, due to the social media company’s European head office being located in Dublin.

New European data protection laws, due to be introduced next year, could see companies fined up to four percent of their global turnover if found to be contravening regulations.