Meta, the parent company of Facebook, Instagram, and WhatsApp, has recently been hit with fines from all sides. The fines are being imposed by individual countries (primarily EU member states) for violations of the right to privacy in the area of personal data protection. Within the EU, Meta must comply with the strict rules of the General Data Protection Regulation (hereinafter “GDPR”), which it has violated on numerous occasions in recent years.
Ireland Fines Meta 17 Million Euros
The Irish Data Protection Commission (hereinafter “DPC”) has fined Meta for violating data protection laws. The DPC, as the main regulatory authority for data protection in the European Union, stated that the tech giant in question had not implemented appropriate technical and organizational measures to ensure the effective protection of its users’ data. It is precisely this breach of obligations under the GDPR that is the basis for this fine.
The investigation that led to the final decision concerned the processing of personal data, specifically during the period from June to December 2018. During this period, the company committed a total of 12 data protection violations. This is not the first time the DPC has fined this company. Last fall, it imposed a record fine of 225 million euros on WhatsApp.
WhatsApp’s Record Fine of 225 million euros
The fine imposed on Meta last fall was a record both for the company and for the supervisory authority that imposed it. In terms of amount, it is the second-highest fine ever imposed for a personal data protection violation under EU law. The highest fine was imposed by the Luxembourg Data Protection Authority on Amazon in the amount of 746 million euros.
The DPC’s decision specifies exactly which GDPR provisions WhatsApp violated. For these violations, the DPC imposed individual fines of 90, 30, 30, and 75 million euros.
What were the violations?
According to the supervisory authority’s decision, WhatsApp did not process the personal data of data subjects (users) in a lawful, fair, and transparent manner, thereby violating Article 5(1)(a) of the GDPR.
Another violation was a breach of Article 12 of the GDPR, as the company failed to provide information about how it collects data “in a concise, transparent, intelligible, and easily accessible form, using clear and simple language.” The information should be understandable enough that even a child could tell whether the information provided is intended for them as well.
WhatsApp also failed to provide users with information about where the data is stored, whom data subjects can contact to exercise their rights, the purpose of processing personal data, or the potential recipients of the data, thereby violating Article 13 of the GDPR.
The company also failed to inform users when their data was obtained and processed from third parties and where the data came from, thereby violating Article 14 of the GDPR.
The GDPR is considered a powerful tool for EU member states against large technology companies, as it grants national supervisory authorities cross-border powers and the ability to impose substantial fines for data misuse. The DPC has been criticized in the past by other European regulators for taking too long to issue decisions against tech giants and for not imposing sufficiently severe fines given the nature of the violations.
Meta is also facing a lawsuit in the United Kingdom
Meta is currently facing a lawsuit over allegations of data misuse involving more than 44 million Facebook users in the UK, who could be awarded collective damages totaling 2.7 billion euros. This applies to all users who used the social network at least once between 2015 and 2019. The class-action lawsuit was filed by competition law expert Dr. Liza Lovdahl Gormsen.
According to the expert, Facebook abused its market dominance by imposing unfair terms on users in the United Kingdom in order to misuse their personal data. Meta commented on the matter: “People have free access to our services. They choose our services because we provide them with value, and they have meaningful control over what information they share on Meta platforms and with whom they share it. We have invested heavily in creating tools that enable them to do so.”
Sources:
https://index.sme.sk/c/22733713/whatsapp-dostal-od-irska-rekordnu-pokutu-225-milionov-eur.html
GDPR Regulation
