Kaspars Grinvalds - stock.adobe.
The office of the Irish Data Protection Commission (DPC) opened 10 statutory inquiries into Facebook and other Facebook-owned platforms in the first seven months since the European General Data Protection Regulation (GDPR) came into force on 25 May 2018.
In its annual report for 2018, the DPC disclosed 15 total GDPR investigations into technology companies in Ireland, seven into Facebook Inc. and Facebook Ireland Limited, two into messaging platform WhatsApp, one into photo-sharing service Instagram, two apiece into Apple and Twitter, and one into LinkedIn.
DPC data protection commissioner Helen Dixon said the introduction of GDPR had demonstrated there is substantial interest in and appetite among the general public for understanding and controlling how their personal data is used.
“While a series of Eurobarometer surveys in recent years have catalogued concerns on the part of the public about uses of their data, it is the rise in the number of complaints and queries to data protection authorities across the EU since 25 May 2018 that demonstrates a new level of mobilisation to action on the part of individuals to tackle what they see as misuse or failure to adequately explain what is being done with their data,” she said.
“In 2018, the DPC opened inquiries into data-processing activities of Facebook, Apple, Twitter, LinkedIn, WhatsApp and Instagram, looking at issues ranging from large-scale data breaches to legal bases for processing to transparent presentation to users,” said Dixon.
“All these inquiries should reach the decision and adjudication stage later this year, and it’s our intention that the analysis and conclusions in the context of those inquiries will provide precedents for better implementation of the principles of the GDPR across key aspects of internet and ad tech services.”
Among the ongoing probes into Facebook are investigations examining whether the organisation discharged its GDPR obligations in respect of the right of access to personal data in its Hive database; in respect of the basis on which it relies to process personal data; and in respect of the basis to which it relies to process personal data in the context of behavioural analysis and targeted advertising.
Four of the investigations have been instigated at Facebook’s own volition – three of these relate to the September 2018 token breach and its response to that, and one in response to the large number of breaches notified to the DPC since last May separate to the token breach.
In the UK, Facebook finds itself at the centre of a gathering storm of controversy after a leaked cache of documents seen by Computer Weekly revealed how the social media platform planned to use its Android smartphone app to spy on its users.
The internal emails, which were obtained after the unprecedented arrest of Six4Three founder Ted Kramer by Parliament’s serjeant-at-arms last November, were published on GitHub and reveal how Facebook planned to match user location data with base station IDs to deliver location-aware products, and to pass data on users who described themselves as single to companies selling dating services and political advertisers.
This came only a week after the publication of a Department for Digital, Culture, Media and Sport (DCMS) select committee report said Facebook had deliberately set out to obstruct and frustrate its inquest into the role of social media in spreading hate speech and fake news.
The report said that Facebook boss Mark Zuckerberg’s attitude to the proceedings were nothing short of contempt.
“Mark Zuckerberg continually fails to show the levels of leadership and personal responsibility that should be expected from someone who sits at the top of one of the world’s biggest companies,” said committee chair Damian Collins, MP.
Also this week, a PR agency-backed survey of 2,000 UK consumers showed 83% support for government regulation of Facebook. A clear majority of respondents also believed Facebook was damaging to its users’ mental health, and that fake news was damaging to democracy.
Read more on Privacy and data protection
Facebook takes legal action against Irish privacy watchdog
Irish privacy watchdog orders Facebook to stop sending user data to the US
Schrems steps up pressure on Irish data protection commissioner on Facebook’s data sharing with US
Schrems v Facebook: European court strikes down EU-US Privacy Shield agreement