Internet

Ireland’s Data Protection Commission (DPC) has proposed fining Facebook up to EUR 36 million (roughly Rs. 310 crores) in one of more than a dozen probes it has opened into the social media giant, according to a draft decision published by the complainant. Under European Union 2018 data protection rules, the DPC must now share the preliminary ruling with all concerned EU supervisory authorities and consider their views before making a final verdict.

The Irish commission is the lead regulator of Facebook and many other of the world’s largest technology company’s under the bloc’s “One Stop Shop” data regime, due to the location of their EU headquarters in Ireland.

The complaint, lodged by Austrian privacy activist Max Schrems, concerned the lawfulness of Facebook’s processing of personal data, specifically around its terms of service.

The DPC proposed a fine of EUR 28 million (roughly Rs. 245 crores) to EUR 36 million (roughly Rs. 310 crores) for Facebook’s failure to provide sufficient information, according to the draft decision, published by Schrems’ digital rights group NOYB.

The draft ruling described the infringements as serious in nature and criticised Facebook for a lack of transparency.

Facebook was not immediately available to comment.

Schrems criticised the findings, saying they amounted to the DPC greenlighting Facebook’s bypassing of the EU’s GDPR privacy rules by moving consent clauses relating to areas such as advertisement and online tracking into its terms and conditions.

A spokesperson for the DPC said it had sent the draft decision to the other supervisory authorities and had no further comment as the process is ongoing.

Facebook’s WhatsApp subsidiary was fined a record EUR 225 million (roughly Rs. 1,965 crores) by the Irish regulator last month after the EU privacy watchdog pressured the DPC to raise the penalty following criticism from other supervisory authorities.

The DPC also increased a far smaller EUR 450,000 (roughly Rs. 3.9 crores) fine on Twitter – its first sanction under the GDPR rules – after similar interventions from other regulators.

© Thomson Reuters 2021