Facebook, Google Face 'Strong Pipeline' of Privacy Rulings in Europe
February 24 2021 - 7:29PM
Dow Jones News
By Sam Schechner
The privacy regulator overseeing Facebook Inc., Alphabet Inc.'s
Google and Apple Inc. in the European Union expects to boost its
tally of big tech decisions this year -- and rejects complaints
that its enforcement has been too slow.
Helen Dixon, who leads Ireland's Data Protection Commission,
said her office is on track to make draft decisions in roughly half
a dozen privacy cases involving big technology companies this year,
compared with just two last year.
"The pipeline is very strong. The momentum is building in terms
of concluding these inquiries," Ms. Dixon said in an interview.
Ms. Dixon is one of the world's most influential privacy
regulators because the data commission she leads is in charge
enforcing the EU's General Data Protection Regulation, or GDPR, for
companies that have their regional headquarters in Ireland.
Two cases, involving Facebook, are already on Ms. Dixon's desk
for draft decisions, she said. Five others, including one involving
Google and others involving Facebook subsidiaries, are nearing the
end of their investigations, with final reports either submitted to
the companies for a final round of comments or received back, she
added.
Ireland in December also submitted a draft decision in a case
involving WhatsApp, a Facebook subsidiary, for approval to fellow
EU privacy regulators. The Irish data commission is currently
considering a number of their objections, Ms. Dixon said. A final
decision is possible in the coming months.
A Google spokesman confirmed the company had received Ireland's
investigative report, adding: "We are continuing to cooperate fully
with the office of the Data Protection Commission in its inquiry."
Facebook declined to comment.
The plans to ramp up the Irish data commission's output come as
Silicon Valley is coming under unprecedented scrutiny around the
globe.
U.S. federal and state officials have filed antitrust lawsuits
against Google and Facebook, while competition regulators in the EU
are examining other cases involving Amazon and Apple. A showdown
between tech companies and Australia over a new law has given added
prominence to the question of whether publishers should get paid
for news available via tech platforms -- and if so, how much.
But Ms. Dixon is facing increasing pressure from some privacy
activists to speed up her enforcement of the EU's flagship privacy
law. Nearly three years after the GDPR went into effect, there have
been few major decisions or fines against big tech companies. The
first cross-border fine against a prominent tech company under the
law was Ireland's 450,000-euro fine, equivalent to about $547,000,
in December against Twitter Inc.
Instead, the largest European privacy fines against big tech
companies in recent years were issued last fall by France's privacy
regulator, CNIL, which used a separate law, called the ePrivacy
directive, to fine Google and Amazon.com Inc. a combined $163
million.
Ms. Dixon says fines are important but only part of the picture.
She said Wednesday that Ireland's cases take a long time because
they have so far involved novel, complex law, and companies must be
given their due-process rights to respond substantively to all
allegations during an investigation.
"There are unrealistic expectations about the nature of these
inquiries and how quickly they can conclude," Ms. Dixon said.
"There tends to be a view that just because somebody tweets that
something is a breach -- I should have written a decision and
slapped on a fine the day before -- and this is just nonsense."
In addition, Ireland's draft decisions in cross-border cases
like those involving tech giants must be reviewed and finalized
along with the EU's other privacy regulators as part of the GDPR's
power-sharing rules. In the Twitter case, that process, including
squabbling over the amount of the fine, added half a year between
the draft decision and the final fine.
Bigger fines may be coming from Ireland's data commission.
WhatsApp's Irish unit in November reported in corporate filings
that it had set aside EUR77.5 million for potential fines from the
commission. Ms. Dixon declined to comment on the amount of any fine
she recommended in the draft decision that she shared with her EU
counterparts in December.
Some of the cases also drive toward the core of some tech
companies' business model. One set of cases nearing decisions looks
at allegations from a privacy-advocacy group that users are forced
to consent to Facebook's terms and conditions, and whether the
company actually needs personal data for advertising to provide its
service.
Also on Ms. Dixon's plate: a separate battle with Facebook over
whether the social network will have to suspend at least some
transfers of data about its EU users to servers in the U.S. The
commission told Facebook in August that it believed a ruling from
the EU's top court last summer required Facebook to suspend some
such transfers, because of concerns about U.S. surveillance
authorities' access to the data.
Facebook appealed to stop Ireland from issuing an order, which
is now paused pending a judicial review in Ireland. Ms. Dixon said
the regulator fully defended its position in a December court
hearing, and that a decision is expected in coming months.
Write to Sam Schechner at sam.schechner@wsj.com
(END) Dow Jones Newswires
February 24, 2021 19:14 ET (00:14 GMT)
Copyright (c) 2021 Dow Jones & Company, Inc.
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Aug 2024 to Sep 2024
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Sep 2023 to Sep 2024