A state watchdog’s preliminary GDPR decision signalled potential administrative fines of €360m to €430m against Meta for personal data processing practices affecting millions of users. Meta Platforms Ireland Ltd challenged the watchdog in the High Court, arguing the Data Protection Commission exceeded its powers by widening an inquiry from a single user complaint to all Facebook users. The Commission’s preliminary draft decision indicated possible findings of infringements of three GDPR articles and corrective measures, including a reprimand and a compliance order affecting Meta’s general data access practices. The central legal issue concerned whether complaint-based powers allow systemic corrective orders and fines based on an infringement that also impacts the wider user base.
"Meta has lost a key legal challenge against a state watchdog's preliminary draft decision which signalled the possibility of fines totalling up to €430m to be levied against the tech giant. The case stems from a single complaint made eight years ago relating to personal data processing. Meta Platforms Ireland Ltd had mounted the High Court challenge arguing that the Data Protection Commission acted outside its powers by widening its investigation, broadening it to all users of Facebook."
"The Commission in a preliminary draft decision in October last year signalled an intention to make findings of infringements of three articles of the General Data Protection Regulation (GDPR) and to direct corrective measures. These could include a reprimand, a compliance order affecting Meta's general data access practices and administrative fines totally €360m-€430m due to the significant impact of the practices on millions of users."
"Ms Justice Siobhan Phelan said the central legal issue was the scope of the Commission's powers to direct corrective measures and impose administrative fines on foot of a single user complaint. In essence, the judge said the question for determination was whether the Commission can within a complaint-based GDPR inquiry impose systemic corrective orders and fines based on a finding of an infringement which also affects the wider user base, or whether doing so unlawfully exceeds its powers."
"The case arose from a complaint which was made in 2018 by a Facebook user regarding access to personal data held by Meta in a digital warehouse termed a 'Hive'. The complainant contended that without raw level access he could not meaningfully assess whether Facebook held or inferred potentially sensitive or special category data about him or whether his GDPR rights were being respected. Facebook in July 2018 refused to provide raw Hive data relying on GDPR limitations and the complainant then made a complaint to the Commission, which formally open"
Read at Irish Independent
Unable to calculate read time
Collection
[
|
...
]