Ireland's Data Protection Commission (DPC) has proposed fining Facebook up to EUR 36 million in one of more than a dozen probes it has opened into the social media giant, according to a draft decision published by the complainant.
Under European Union 2018 data protection rules, the DPC
must now share the preliminary ruling with all concerned EU supervisory
authorities and consider their views before making a final verdict.
The Irish commission is the lead regulator of Facebook and
many other of the world's largest technology company's under the bloc's
"One Stop Shop" data regime, due to the location of their EU
headquarters in Ireland.
The complaint, lodged by Austrian privacy activist Max
Schrems, concerned the lawfulness of Facebook's processing of personal data,
specifically around its terms of service.
The DPC proposed a fine of EUR 28 million to EUR 36 million
for Facebook's failure to provide sufficient information, according to the
draft decision, published by Schrems' digital rights group NOYB.
The draft ruling described the infringements as serious in
nature and criticised Facebook for a lack of transparency.
Facebook was not immediately available to comment.
Schrems criticised the findings, saying they amounted to the
DPC greenlighting Facebook's bypassing of the EU's GDPR privacy rules by moving
consent clauses relating to areas such as advertisement and online tracking
into its terms and conditions.
A spokesperson for the DPC said it had sent the draft
decision to the other supervisory authorities and had no further comment as the
process is ongoing.
Facebook's WhatsApp subsidiary was fined a record EUR 225
million by the Irish regulator last month after the EU privacy watchdog
pressured the DPC to raise the penalty following criticism from other
supervisory authorities.
The DPC also increased a far smaller EUR 450,000 fine on
Twitter - its first sanction under the GDPR rules - after similar interventions
from other regulators. - Reuters
0 comments:
Post a Comment