Irish Supervisory Authority announces decision in Facebook “Data Scraping” inquiry

Dec 1, 2022

Source: European Data Protection Board

Background information

Date of final decision: 25 November 2022
Cross-border, subject to the cooperation and consistency mechanism outlined in Article 60 GDPR.
LSA: Irish Supervisory Authority (SA).
and CSAs:  all other European SAs.    
Controller: Meta Platforms Ireland Limited (formerly Facebook Ireland Limited) (‘Meta Platforms’).
Legal Reference: GDPR obligation for Data Protection by Design and Default (Article 25 GDPR).
Decision: infringement of Articles 25(1) and 25(2) GDPR, order to bring processing into compliance, and administrative fines totalling €265 million.
Key words: Data Protection by Design and Default, cross-border, Article 25.

 

Summary of the Decision

 

Origin of the case

The Irish Supervisory Authority, SA commenced this inquiry on 14 April 2021, on foot of media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the internet.

 

Key Findings                                   

The scope of inquiry concerned an examination and assessment of the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms  during the period between 25 May 2018 and September 2019. The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default. The DPC examined the implementation of technical and organisational measures pursuant to Article 25 GDPR (which deals with this concept).

 

Decision

The decision, which was adopted on Friday, 25 November 2022, records findings of infringement of Articles 25(1) and 25(2) GDPR. The decision imposed a reprimand and an order requiring Meta Platforms to bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe. In addition, the decision has imposed administrative fines totalling €265 million on Meta Platforms.

 

For further information: Data Protection Commission announces decision in Facebook “Data Scraping” inquiry

Recent news

Data Protection Day 2023

On the occasion of Data Protection Day, we invite you to take a look back at GDPR enforcement over the last few years and explore how the EDPB helps all EEA DPAs act as one to safeguard your rights, today and tomorrow. Join us to see how European data protection...

read more

EDPB publishes Binding Decision concerning WhatsApp

Following the EDPB’s binding dispute resolution decision of December 5th, WhatsApp IE was issued a 5.5 million euro fine by the Irish Data Protection Authority (DPA). In its Binding Decision, the EDPB instructed the IE DPA to amend its draft decision with respect to...

read more
Generated by Feedzy