Decisions on alleged big tech data breaches due this summer

Watchdog has 16 investigations ongoing into Facebook, WhatsApp, Instagram, Twitter, Apple and LinkedIn

Data Protection Commissioner Helen Dixon. Photograph: Dara Mac Dónaill

Data Protection Commissioner Helen Dixon. Photograph: Dara Mac Dónaill

 

The State’s data privacy watchdog will start making decisions by the summer on whether internet giants should face large fines under the new EU data protection laws.

Helen Dixon, the Commissioner for Data Protection, said five or six of the regulator’s investigations into alleged data breaches by big tech were “well advanced” and that she expected to circulate draft decisions on potential sanctionable infringements to her fellow EU data regulators during the summer.

“We are still a number of months away because each phase has a number of steps in it and the right to be heard by the parties is an important part of the fair procedures, but they are progressing,” she said.

Ms Dixon has 10 inquiries under way into Facebook and its WhatsApp and Instagram units, three inquiries at Twitter, two at Apple and one at LinkedIn.

She has yet to use new powers to fine companies as much as 4 per cent of global turnover if they breach the General Data Protection Regulation (GDPR) rules. The EU law, introduced in May 2018, made the commission the de facto pan-EU regulator for web giants operating from European head offices based in Dublin.

Speaking on publication of the commission’s 2018 annual report – covering the first months of GDPR enforcement – Ms Dixon said that “taking a scalp” to serve as a deterrent was not an approach she was taking but she was ensuring fair procedures were followed.

“There is external pressure to see results. We are not in any way deaf to that but, equally, we are not going to be willing to short-cut what we need to do,” she told The Irish Times.

Facebook emails

The commission has 49 inquiries into alleged data breaches ongoing, including 16 investigations into big tech companies, including seven into Facebook, three into Twitter and two into Apple.

Ms Dixon said her staff were examining internal Facebook emails identified by a UK parliamentary committee investigation into how the social media giant collects and uses private data “to see if there are any leads” in them for the commission’s current inquiries into the giant or whether they lead to a new inquiry.

The commission was making “good” progress in its investigation into alleged data breaches at Independent News & Media, she said, because it had co-operation, including from Trust Data Solutions, a contractor that accessed the data of INM journalists and executives, which she described as a “linchpin”.

Ms Dixon said she expected the investigation to conclude findings “in the coming months”.

She said the commission would in the coming three months be seeking submissions on an investigation report into two local authorities in the inquiry into the surveillance of citizens in 31 statutory inquiries involving the use of CCTV cameras, body-worn Garda cameras and automatic number-plate recognition.

The commission reported a 56 per cent rise in the total number of complaints received to 4,113, including 1,928 GDPR complaints, in 2018, and a 70 per cent increase in valid data security breaches to 4,740.