FILE PHOTO: Austrian lawyer and privacy activist Max Schrems poses after a Reuters interview in Vienna, Austria, July 16, 2020. REUTERS/Lisi Niesner
October 13, 2021
DUBLIN (Reuters) -Ireland’s Data Protection Commission (DPC) has proposed fining Facebook up to 36 million euros ($42 million) in one of more than a dozen probes it has opened into the social media giant, according to a draft decision published by the complainant on Wednesday.
Under European Union 2018 data protection rules, the DPC must now share the preliminary ruling with all concerned EU supervisory authorities and consider their views before making a final verdict.
The Irish commission is the lead regulator of Facebook and many other of the world’s largest technology company’s under the bloc’s “One Stop Shop” data regime, due to the location of their EU headquarters in Ireland.
The complaint, lodged by Austrian privacy activist Max Schrems, concerned the lawfulness of Facebook’s processing of personal data, specifically around its terms of service.
The DPC proposed a fine of 28 million to 36 million euros for Facebook’s failure to provide sufficient information, according to the draft decision, published by Schrems’ digital rights group NOYB.
The draft ruling described the infringements as serious in nature and criticised Facebook for a lack of transparency.
Facebook was not immediately available to comment.
Schrems criticised the findings, saying they amounted to the DPC greenlighting Facebook’s bypassing of the EU’s GDPR privacy rules by moving consent clauses relating to areas such as advertisement and online tracking into its terms and conditions.
A spokesperson for the DPC said it had sent the draft decision to the other supervisory authorities and had no further comment as the process is ongoing.
Facebook’s WhatsApp subsidiary was fined a record 225 million euros by the Irish regulator last month after the EU privacy watchdog pressured the DPC to raise the penalty following criticism from other supervisory authorities.
The DPC also increased a far smaller 450,000 euro fine on Twitter – its first sanction under the GDPR rules – after similar interventions from other regulators.
($1 = 0.8663 euros)
(Reporting by Padraic Halpin Editing by Steve Orlofsky and Mark Potter)