Tech

Irish regulator mismanaged Facebook privacy probe, says Austrian campaigner

Irelands privacy regulator took “highly disturbing” actions in the course of an investigation into possible legal breaches by Facebook and has generally fallen short enforcing Europes privacy rules, Austrian campaigner Max Schrems argued in an open letter Monday.

The letter, which was sent to the European Commission and Parliament as well as several data protection bodies, accuses the Dublin-based regulator of improperly providing legal advice to Facebook on how to avoid penalties before Europes new privacy rules came online, as well as being insufficiently transparent with other regulators.

A probe targeting Facebook was plagued by “highly inefficient and partly Kafkaesque” investigative procedures, added Schrems, whose activist group noyb.eu filed complaints two years ago to the day against Facebook as well as its subsidiaries WhatsApp and Instagram for allegedly relying on “forced consent” to use users personal data.

“We are deeply concerned about the approach the Irish Data Protection Commission (DPC) has taken in three high profile cases against Facebook, Instagram and WhatsApp,” Schrems said in the letter. “At the current speed, these cases will easily take more than ten years until all appeals are decided and a final decision is reached.”

Ireland is responsible for overseeing several Silicon Valley firms due to the General Data Protection Regulations one-stop-shop mechanism, which gives authority to the regulator in the country where the firms operations are based.

Call to action

The Austrian lawyer — whose complaints have led to several high-profile privacy cases before the Court of Justice of the EU — also said that the Irish regulator had improperly advised Facebook during a series of meetings in the run-up to the GDPR coming online. Schrems said those meetings went against the spirit of the law, according to which the watchdog should merely “promote awareness” of the law among companies.

After the meetings, Facebook changed the legal basis under which it processed users data from consent to “alleged data use contract” on the day before the GDPR came online, on May 25, 2018. The change allows the Menlo Park-based company to track, target and conduct research on its users without obtaining explicit consent, Schrems said.

While the content of meetings between Facebook and the DPC was not disclosed, Facebook did refer to them in later legal submissions, he added.

Facebook declined to comment on Schrems letter.

In an emailed statement, a spokesperson for the Irish Data Protection Commission said: “There were no secret meetings held betweRead More – Source