+ INFORMATION

Share on social networks!

Data protection in large companies

This 2023 we have started it with a true pitched battle between Ireland and the rest of the member countries of the European Union, more specifically between the supervisory authority in matters of data protection of said country, the Data Protection Commissioner of Ireland, and the rest of the control authorities in Europe, including Spain, the Spanish Data Protection Agency and the European Data Protection Committee (European Data Protection Board, its English translation).

The epicenter of this earthquake has been none other than Mark Zuckerberg and his company Meta, specifically the companies Facebook, Instagram and WhatsApp. In 2016, the General Data Protection Regulation 2016/679 was approved, whose entry into force was agreed to be Two years later, specifically in May 2018, giving certain “margin” to data controllers and processors to adapt their activities to the new regulation, which will be in force for 5 years in 2023.

Data protection and META

It is important to present certain data to understand all this conflict generated in recent weeks. The technological multinational GOAL, earns around $14 billion annually from advertising, so one of the main sources of income comes from this activity. With the entry of new regulations on data protection in 2018, the so-called tacit consent disappeared giving rise to strict rules for data processing, established in article 6.1 of the General Data Protection Regulation 2016/679.

Lock On Computer Keyboard On The Wooden Tablexa

Days before the entry into force of GDPR 2016/679, META made a series of modifications to its terms and conditions when a user signed up for any of its services or social networks. Among these changes, it incorporated a series of purposes into the “contract” for registering an account, including the processing of data for commercial advertising purposes, thus complying with the provisions of article 6.1-B of the General Data Protection Regulation. Data that allows data to be processed under the premise of compliance with a contract.

That same day, May 26, 2018, Max Schrems, who caused the fall of the two privacy shields between the EU and the US (Safe Harbor and Privacy Shield), filed a complaint in Ireland with the Data Protection Commissioner, given that it is there, in Ireland, where META has its headquarters in the European Union, while this country offers certain advantages and benefits tax for technology companies.

META case resolution

It has taken almost 5 years to resolve the complaint that Max Schrems filed with the Data Protection Commissioner against Meta (Instagram, Facebook and Instagram) because the supervisory authorities have not reached an agreement. Initially Ireland established a penalty of 38 million euros to Meta for failing to comply with the information principle of article 13 of the RGPG 2016/679 but not for the legal basis used by the multinational United States to process data for advertising purposes, since the control authority considered that it was a legal basis established in the own regulations.

Facebook Symbol On Screen Smartphone Or Mobile 3d Render And Facebook Reactions Love Wow Like Emoji 3d Render

As this was a case that affected many people in different countries, a draft of the proposed resolution was sent to the rest of the control authorities of the European Union, which raised a cry in the sky.

Ten of the forty supervisory authorities in matters of data protection made observations on this sanction proposal which, finally, as it generated conflict and disagreement, was analyzed by the European Data Protection Committee, which finally decided to impose a sanction of 390 million euros and Goal (210 to Facebook and 180 to Instagram) considering that the legal basis used was not correct, that is, article 6.1 – B of the RGPD, the appropriate legal basis being express consent of the interested party (article 6.1-A of the GDPR).

And what about WhatsApp?

The decision of the European Data Protection Board means that Meta will have to allow users have a version of all your apps that does not use personal data for ads within three months. The decision would still allow Meta to use non-personal data (such as story content) to personalize ads or ask users to consent to ads using a “yes/no” option.

Users must be able to withdraw their consent at any time and Meta cannot limit the service if users choose to do so. Although this will drastically limit Meta's benefits in the EU, it will not ban ads entirely. Instead, the decision will put Meta on the same level as other websites or apps, which must offer a "yes/no" option to users.

Beautiful Young Woman Using Her Mobile Phone In The Street

Following this resolution by the European Data Protection Board, the Irish supervisory authority issued a harsh statement against the body for exceeding its functions and interfering in the decision-making capacity of the Irish body. Regarding WhatsApp, the resolution, with a penalty of 5.5 million euros (much lower than those of Facebook and Instagram), concludes that Meta tried to "evade" the consent requirement of the GDPR adding a clause to the terms and conditions of advertising.

Ireland's supervisory authority has adapted its limited decision, but refuses to investigate other matters, as ordered by the European Data Protection Board. The fines that the Data Protection Commissioner of Ireland announced last week on WhatsApp are set by Ireland, despite the fact that the final decision was made by the European Data Protection Board —the European committee resolves, the DPC sets the amount of the sanction—.

In short, the European organization understands that WhatsApp cannot force its users to accept the use of your data by the messaging app so that the service "improves" and for "security" reasons.

Train yourself in one of the most in-demand jobs in the labor market with the help of our Professional Master in Compliance & Data Protection Management.

Subscribe to our newsletter to stay up to date with all the news

Basic information on data protection.
Responsible for the treatment: Mainjobs Internacional Educativa y Tecnológica SAU
Purpose: Manage your subscription to the newsletter.
Legitimation for processing: Explicit consent of the interested party granted when requesting registration.
Transfer of data: No data will be transferred to third parties, except under legal obligation.
Rights: You may exercise the rights of Access, Rectification, Deletion, Opposition, Portability and, where applicable, Limitation, as explained in the additional information.
Additional information: You can consult additional and detailed information on Data Protection at https://www.mainfor.edu.es/politica-privacidad
Blog Master Dpo

Leave a comment