For several years now I’ve watched as the Irish Data Regulator has valiantly fought to sweep Meta’s sins under the carpet.
There’s a long history of regulatory incompetence in Ireland, but I can’t help suspecting that this case has been driven more by the Data Protection Regulator wanting to keep Meta onboard and protecting the MNC rather than protecting the public.
A bit of background to this record fine.
Schrems battle with data regulators
Max Schrems, an Austrian privacy campaigner, paid three visits to the office of the Data Protection Commissioner when it oversaw Facebook, Google, Dropbox and the rest of big tech from above a shop in Portarlington, Co Laois. On his first visit, Schrems says an official gave him a 15-minute dressing down for criticising the DPC in press interviews.
On another occasion he was told no one was available to speak to him about a privacy complaint he had lodged. “I was like, ‘this is childish and I can be just as childish as you’,” he said. So the dogged Austrian phoned the DPC every hour, until finally an official texted to say no one would talk to him. “After that they didn’t really respond to any emails any more, even though there was an open, pending case,” Schrems claimed in 2018 in an interview with Frontline.
In 2014, Billy Hawkes, as data protection commissioner, rejected one of Schrems’s cases against Facebook as frivolous and vexatious. That decision was overturned by the courts, and the process finally concluded on Tuesday with the DPC fining Facebook’s owner Meta €1.2 billion for violations of European data privacy laws.
Schrems’s relationship with regulators has not improved. “We regularly have to sue DPAs [with costs of €2,000-€5,000 on average], to get ‘free’ GDPR complaints decided,” he tweeted after the Meta fine was announced.
The Latest…
Irish watchdog opposed €1.2bn Meta fine, saying it would have no ‘meaningful dissuasive effect’
Case centres on Facebook’s transfers of personal data to the US in defiance of EU law
*Meta, which plans a court appeal against the ruling, claimed it was flawed and unjustified.*
A record €1.2 billion fine against Facebook owner Meta for violating privacy law was imposed in the face of claims by Ireland’s data regulator that no financial sanction was needed.
The penalty against one of the world’s largest companies was imposed on Monday after Data Protection Commissioner Helen Dixon’s European counterparts dismissed her argument that a fine would have no “meaningful dissuasive effect” on Meta.
It was the biggest fine since Ms Dixon assumed sweeping powers in 2018 to supervise the European operations of large tech companies such as Meta, which have their EU headquarters in Ireland.
The regime was billed as a game-changer in the drive to control how business exploits consumers’ personal information, although critics say enforcement should be sharper and swifter.
Meta, which plans a court appeal against the ruling, claimed it was flawed and unjustified. But European regulators accused the company of “the highest degree of negligence” with personal data, as they instructed Ms Dixon to impose a large fine.
She is lead European Union regulator for Meta with responsibility for pan-European investigations into any violations of the data of hundreds of millions of users. Still, her conclusions must be approved by EU counterparts in a Brussels-based body called the European Data Protection Board (EDPB).
Records show Ms Dixon met a backlash from Austrian, German, French and Spanish regulators for saying there should be no financial penalty at all.
The case centres on Facebook transfers of personal data to the United States, in defiance of EU law after a 2020 European court ruling struck down the arrangements. The data included “photographs, videos or messages” and “everyday data of social interactions with family, friends, acquaintances and others”.
The social media giant, one of the State’s biggest taxpayers, has been directed to suspend any future transfers within five months. It must also cease within six months “unlawful” processing and storage in the US of European data.
The latest sanction against Meta brings its total EU sanctions for privacy violations to some €2.5 billion. But Ms Dixon had argued that a fine on top of an order to suspend the data transfers would not be proportionate.
“I expressed the view, in the draft decision, that the imposition of an administrative fine would not render the [Data Protection Commission’s] response to the findings of unlawfulness any more effective,” she said in case papers.
“Nor did I consider that, in the particular circumstances of this case, or in relation to transfers generally, the imposition of an administrative fine on top of the suspension would have any meaningful dissuasive effect.”
Such assertions met resistance from four other regulators, who insisted on a fine when the case went to the European board. That body agreed, saying a suspension order alone would “not be enough to produce the specific deterrence effect necessary to discourage Meta” from continuing the infringements.
“The [EDPB] considers that, taking into account the nature and scope of the processing, as well as the very high number of data subjects affected, Meta [Ireland] committed an infringement of significant nature, gravity and duration,” it said.
“The EDPB takes the view that the imposition of an administrative fine in addition to the suspension order would have an important deterrence effect, which the imposition of a suspension order alone cannot have.”
An earlier wrangle between the Irish Data Protection Commissioner and her EU colleagues.