According to a draft decision published by the complainant, Ireland’s Data Protection Commission (DPC) has imposed a fine of up to 36 million euros (about Rs 310 crore) on Facebook in one of more than a dozen investigations opened into the social media giant. has been proposed. Under the EU 2018 data protection rules, the DPC must now share the preliminary decision with all relevant EU supervisory authorities and consider their views before making a final decision.
Due to the location of their EU headquarters in Ireland, the Irish Commission is the principal regulator of Facebook and many of the world’s largest technology companies under the bloc’s “one stop shop” data regime.
The complaint, filed by Austrian privacy activist Max Schrems, concerns the legality of Facebook’s processing of personal data, particularly around its terms of service.
According to the draft decision published by Schrems’ digital rights group NOYB, the DPC proposed a fine of EUR 28 million (about Rs 245 crore) to EUR 36 million (about Rs 310 crore) for Facebook’s failure to provide sufficient information.
The draft ruling called the violations serious in nature and criticized Facebook for its lack of transparency.
Facebook was not immediately available to comment.
Schrems criticized the findings, saying they were flagging DPCs bypassing EU GDPR privacy rules by moving consent clauses into terms and conditions related to areas such as advertising and online tracking.
A DPC spokesperson said it has sent the draft decision to other supervisory officials and did not comment further as the process is ongoing.
Facebook’s WhatsApp subsidiary was fined a record 225 million euros (about Rs 1,965 crore) by the Irish regulator last month.
Following similar intervention from other regulators, the DPC also extended a small fine of 450,000 euros (about Rs 3.9 crore) to Twitter – its first approval under GDPR rules.
© Thomson Reuters 2021