News

EU Data Protection Committee: Facebook violates the GDPR

The disputes between the EU and the notorious U.S. tech companies don’t seem to be dying down. Currently, there is again a lot of frustration about Facebook’s lax and allegedly illegal handling of European users’ data. The accusation is that the meta-subsidiary has been using personal data to target advertising for years without explicit consent. Now Ireland is to respond.

DSGVO requires consent for “profiling”

Facebook is a real money printing machine, mainly thanks to its numerous advertising partners. The reason for this is that probably hardly any other company has comparably valuable data to offer from the most diverse target groups. As a result, the subsidiary of the tech company Meta does not have to search long for suitable advertising partners. Anyone who wants to address a very specific target group simply approaches the social network. While profiling, in which users are given a kind of profile by means of an algorithm, is common practice in the USA, it is only permitted in the EU under strict conditions. For example, explicit consent is required from the user in question. This is provided for in the General Data Protection Regulation (GDPR).

According to the European Data Protection Board, Meta Platforms violates this regulation. This was determined at a meeting on Monday, December 05, 2022. The result is not surprising. After all, Facebook is currently apparently blithely evaluating the personal data of its users for advertising purposes even if there was no consent at all. The behavior of the data protection authority in Ireland, which is actually responsible in this case, is all the more surprising. Although the GDPR has now been in place for four years, the local data protection authorities have still not initiated any proceedings. The Emerald Isle is considered a mecca for U.S. tech corporations to keep EU business running with matching server facilities in the most tax-efficient way possible.

First complaint as long as four years ago

The perfidious part of the story is that Facebook is selling its obvious violation of the provisions of the GDPR as a great feature. Just in time for the 2018 entry into force, the social network namely also changed its user regulations. Here, the analysis of personal data was suddenly presented as an enrichment for users. After all, this is how you get tailored advertising displayed. Those who agreed to the terms of use therefore also agreed to this point. Of course, this trick didn’t work, and it quickly drew criticism from data protection experts. This included the data protection organization Nyob. The organization, led by Max Schrems, filed a complaint with the Irish data protection authority against the actions of the Meta subsidiary in the same month that the user provisions were published.

Meta itself denied any accusation and saw itself and Facebook as saviors who only had good things in mind for users. After all, the social network felt obligated to evaluate the personal data. This was owed to its users, since the service was stipulated in the user terms and conditions. Meta itself is already known for good arguments. So far, however, very few data protection experts have really fallen for them. The situation is different for the Irish data protection authority. After all, they supported Facebook and allowed the procedure. Now, almost four and a half years later, the data protection authorities of the other EU members have finally put their foot down in the Data Protection Committee and overruled Ireland. The DPC, Ireland’s data protection authority, on the other hand, continues to stand by its opinion.

Questionable role of DPC in dealing with Facebook

All in all, the Irish Data Protection Authority is by no means in a good light in this matter. After all, the authority’s conduct in these proceedings is questionable in many respects. This already starts with the mere stretching out. With a duration of four and a half years, this procedure has turned into a real money-eater that has brought to light gigantic mountains of files. Nyob agrees that the answer should be clear. But the duration is not the only problem that needs to be questioned. Nyob also revealed that the Irish data protection authority had probably tried to change the interpretation of the GDPR at EU level in favor of Meta.

The long wait for a result

Whether the four-and-a-half-year wait for complainant Nyob will last must be doubted after all. After all, it will not be published until early 2023 what decision the data protection committee has reached. From a report by Reuters, however, it is already clear that there is a disagreement between the Irish data protection authority and the EU data protection committee. While there is a reluctance at the EU level to accept Facebook’s trick user policy, the DPC agrees with the social network’s approach. Since the DPC has to bow to the other EU members, it is now apparently up to it to impose a penalty. As we are already used to from Meta, the tech company will not accept this idly. Instead, the company will probably go to court once again. Consequently, we will have to wait for a long time before a final result is announced to the public. Then Meta will face the next billion-dollar fine.

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.

Related Articles

Neue Antworten laden...

Basic Tutorials

Gehört zum Inventar

8,601 Beiträge 2,296 Likes

The disputes between the EU and the notorious U.S. tech companies don’t seem to be dying down. Currently, there is again a lot of frustration about Facebook’s lax and allegedly illegal handling of European users‘ data. The accusation is that the meta-subsidiary has been using personal data to target advertising for years without explicit consent. … (Weiterlesen...)

Antworten Like

Back to top button