Facebook faces third large fine for violating EU data laws in Ireland

Moves in social media giant case come ahead of large fine against its Instagram service for violating children’s privacy

Facebook owner Meta Platforms is facing a third large fine for violating EU data laws in Ireland, after setting aside hundreds of millions of euro to cover the growing cost of regulatory inquiries into its social media sites.

New moves in a big Facebook case come ahead of a large fine against its Instagram service for violating children’s privacy, which will be imposed this month after European supervisors settled a row over the case. The company’s WhatsApp division was fined €225 million a year ago for “severe” privacy breaches.

European officials have clashed repeatedly over punitive measures proposed by Irish data protection commissioner Helen Dixon, Facebook’s main EU supervisor because the company’s European headquarters is in Dublin. The company has more than 2,000 staff in Ireland.

READ MORE

In recent days, Ms Dixon sent a file to the European Data Protection Board (EDPB), the Brussels-based body that resolves disputes between national regulators, on a complaint from a group led by Austrian campaigner Max Schrems.

Transparency issues

Ms Dixon had received “a number of” objections from counterparts to her draft decision on that complaint, which centres on the legal basis Facebook relies on to process personal data and transparency issues.

A large fine against Instagram is imminent in a separate case involving “the public disclosure of email addresses and phone numbers of children” using its business account feature “and a public-by-default setting for personal accounts of children” using the app.

Read more

Regulator moves closer to ban on Facebook EU-US data flows

Facebook parent Meta fined €17m by Irish Data Protection Commission

Data privacy watchdog defends record on enforcing EU rules

The EDPB took a binding decision on Instagram in late July to settle objections raised by “several” of Ms Dixon’s counterparts to “the legal basis for processing and the determination of the fine”. The penalty must be imposed within one month. There has been no comment on the decision from Ms Dixon’s office.

Asked about Instagram and the Schrems case, Facebook said: “Nothing is more important to us than the safety and privacy of our community on Facebook and Instagram.”

“We’re continuing to co-operate fully with the IDPC on their ongoing inquiries,” the company added, referring to Ms Dixon’s office.

Schrems case

Replying to questions, the European board said it was assessing the completeness of Ms Dixon’s file in the Schrems case.

“We can now confirm that the EDPB has received a formal submission with regard to Facebook, which is the first step in the triggering of the dispute resolution mechanism,” the board said.

Ms Dixon’s spokesman acknowledged “the process is ongoing” on the EDPB submission but declined to elaborate. In such cases an EDPB settlement is required within two months.

EDPB scrutiny of the WhatsApp case led to Ms Dixon being directed to increased penalties to €225 million from the €30-€50 million fine she proposed. WhatsApp appealed that ruling.

Meta later reserved €724 million to cover administrative fines on top of €302 million previously allocated – a sign of huge potential costs racked up in inquiries under the General Data Protection Regulation, EU privacy laws that aim to toughen control over the use of personal data by business.

Arthur Beesley

Arthur Beesley

Arthur Beesley is Current Affairs Editor of The Irish Times