Share on social networks!

Data protection in large companies

This 2023 we have started it with a true pitched battle between Ireland and the rest of the member countries of the European Union, more specifically between the supervisory authority in matters of data protection of said country, the Data Protection Commissioner of Ireland, and the rest of the control authorities in Europe, including Spain, the Spanish Data Protection Agency and the European Data Protection Committee (European Data Protection Board, its English translation).

The epicenter of this earthquake has been none other than Mark Zuckerberg and his company Meta, specifically the companies Facebook, Instagram and WhatsApp. In 2016, the General Data Protection Regulation 2016/679 was approved, whose entry into force was agreed to be Two years later, specifically in May 2018, giving certain “margin” to data controllers and processors to adapt their activities to the new regulation, which will be in force for 5 years in 2023.

Data protection and META

It is important to present certain data to understand all this conflict generated in recent weeks. The technological multinational GOAL, earns around $14 billion annually from advertising, so one of the main sources of income comes from this activity. With the entry of new regulations on data protection in 2018, the so-called tacit consent disappeared giving rise to strict rules for data processing, established in article 6.1 of the General Data Protection Regulation 2016/679.

Lock On Computer Keyboard On The Wooden Tablexa

Days before the entry into force of GDPR 2016/679, META made a series of modifications to its terms and conditions when a user signed up for any of its services or social networks. Among these changes, it incorporated a series of purposes into the “contract” for registering an account, including the processing of data for commercial advertising purposes, thus complying with the provisions of article 6.1-B of the General Data Protection Regulation. Data that allows data to be processed under the premise of compliance with a contract.

That same day, May 26, 2018, Max Schrems, who caused the fall of the two privacy shields between the EU and the US (Safe Harbor and Privacy Shield), filed a complaint in Ireland with the Data Protection Commissioner, given that it is there, in Ireland, where META has its headquarters in the European Union, while this country offers certain advantages and benefits tax for technology companies.

META case resolution

It has taken almost 5 years to resolve the complaint that Max Schrems filed with the Data Protection Commissioner against Meta (Instagram, Facebook and Instagram) because the supervisory authorities have not reached an agreement. Initially Ireland established a penalty of 38 million euros to Meta for failing to comply with the information principle of article 13 of the RGPG 2016/679 but not for the legal basis used by the multinational United States to process data for advertising purposes, since the control authority considered that it was a legal basis established in the own regulations.

Facebook Symbol On Screen Smartphone Or Mobile 3d Render And Facebook Reactions Love Wow Like Emoji 3d Render

As this was a case that affected many people in different countries, a draft of the proposed resolution was sent to the rest of the control authorities of the European Union, which raised a cry in the sky.

Ten of the forty supervisory authorities in matters of data protection made observations on this sanction proposal which, finally, as it generated conflict and disagreement, was analyzed by the European Data Protection Committee, which finally decided to impose a sanction of 390 million euros and Goal (210 to Facebook and 180 to Instagram) considering that the legal basis used was not correct, that is, article 6.1 – B of the RGPD, the appropriate legal basis being express consent of the interested party (article 6.1-A of the GDPR).

And what about WhatsApp?

The decision of the European Data Protection Board means that Meta will have to allow users have a version of all your apps that does not use personal data for ads within three months. La decisión seguiría permitiendo a Meta utilizar datos no personales (como el contenido de una historia) para personalizar anuncios o pedir a los usuarios su consentimiento a los anuncios mediante una opción de “sí/no”.

Los usuarios deben poder retirar su consentimiento en cualquier momento y Meta no puede limitar el servicio si los usuarios deciden hacerlo. Aunque esto limitará drásticamente los beneficios de Meta en la UE, no prohibirá totalmente los anuncios. En cambio, la decisión pondrá a Meta al mismo nivel que otros sitios web o aplicaciones, que deben ofrecer una opción de “sí/no” a los usuarios.

Beautiful Young Woman Using Her Mobile Phone In The Street

Tras esta resolución del European Data Protection Board, la autoridad de control de Irlanda emitió un duro comunicado contra el órgano por estar extralimitándose en sus funciones e interfiriendo en la capacidad de decisión del organismo irlandés. En cuanto a WhatsApp la resolución, con una sanción de 5.5 millones de euros (muy inferior a las de Facebook e Instagram) concluye que Meta intentó “eludir” el requisito de consentimiento del GDPR adding a clause to the terms and conditions of advertising.

Ireland's supervisory authority has adapted its limited decision, but refuses to investigate other matters, as ordered by the European Data Protection Board. The fines that the Data Protection Commissioner of Ireland announced last week on WhatsApp are set by Ireland, despite the fact that the final decision was made by the European Data Protection Board —the European committee resolves, the DPC sets the amount of the sanction—.

In short, the European organization understands that WhatsApp cannot force its users a aceptar el uso de sus datos por parte de la app de mensajería para que el servicio “mejore” y por razones de “seguridad”.

Train yourself in one of the most in-demand jobs in the labor market with the help of our Professional Master in Compliance & Data Protection Management.

Subscribe to our newsletter to stay up to date with all the news

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SAU as the party responsible for this website. The purpose of collecting and processing personal data is to manage your subscription to the newsletter as well as to send commercial information about the services of the data controller. The legitimacy is the explicit consent of the interested party. Data will not be transferred to third parties, except under legal obligation. You may exercise your rights of access, rectification, limitation and deletion of data at compliance@grupomainjobs.com, as well as the right to lodge a complaint with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find on our website.
Blog Master Dpo

Leave a comment

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SAU as the party responsible for this website. The purpose of collecting and processing personal data is to manage your subscription to the newsletter as well as to send commercial information about the services of the data controller. The legitimacy is the explicit consent of the interested party. Data will not be transferred to third parties, except under legal obligation. You may exercise your rights of access, rectification, limitation and deletion of data at compliance@grupomainjobs.com, as well as the right to lodge a complaint with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find on our website.