:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/N4TCJBSEDDOUUHHG6QIZCTPVRU.jpg)
Ireland's Data Protection Commission (DPC) has written to Max Schrems's NOYB organisation asking it to remove a draft decision that it had published on its website.
The commission was investigating a complaint by NOYB that Facebook has "bypassed the GDPR" by changing terms and conditions for users so that it no longer needs consent to process personal data. It is alleged it has done this by relabelling agreements on data use as a "contract".
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/T63HLOGX6PJAXB5P7262A4ATOE.jpg)
The draft decision from the DPC proposed a penalty of between €28 million and €36 million for Facebook. It has been sent to fellow European data protection agencies and they have a month to respond to its findings.
In the letter to Mr Schrems’s organisation, the DPC said the inquiry materials needed to be treated as confidential to preserve the integrity of the process, and publication of the draft decision was a “flagrant breach” of the binding commitment the organisation had made to respect the confidentiality of the process.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/NZMJA2IU7JAE5BZGWEUXBQ7X3Q.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/UWFXOZXJYRDM7JWBUHVXFSE3LA.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/QKJHHXZBPY52PAPRO4NTLXXOUA.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/QX2YQWXNW5PABAWQL3KWFEDETE.jpg)
Mr Schrems criticised the DPC, claiming the letter was part of a general approach by the commission to stifle criticism and “silence debate”.
Legal basis
In a statement, Mr Schrems said the NOYB group had always refused suggestions that the documents could not be published.
“The DPC knows that there is no legal basis to demand that we withhold relevant documents from the public. Instead, they now cite letters that are partly more than two years old. If these letters are read in full, they all confirm that we have always refused any suggestion that we cannot publish these documents,” he said.
A spokesman for the DPC said the commission was unable to comment as the process was still ongoing. “We have sent the draft decision to the other concerned supervisory authorities under Article 60 of the GDPR,” he said.
In the letter sent to NOYB, the DPC refuted claims that the confidentiality “required by this office” had no legal basis, and said such assertions had “at all material times been rejected by this office”.
“The deliberate and calculated breach by you of your voluntary undertaking represents an unlawful and entirely improper interference in the GDPR-mandated processes by which the draft decision delivered by the DPC in respect of your complaint is being examined and considered by the CSAs [concerned supervisory authorities],” the letter said.
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/850d265f-5198-4767-aa62-36b3b810588d.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/sandbox.irishtimes/GW3FWAURWFGM7FF4RMYJLBG7ZI.png)