The Irish data protection commissioner expects to issue decisions on investigations into Twitter and Whatsapp by the end of November, a spokeswoman has said.
However, the effect of any sanction or fine, if issued, would not occur for “months” after that due to statutory examination processes.
Helen Dixon’s office concluded its investigation several weeks ago and is formulating draft decisions, possibly with the inclusion of a sanction, fine or regulatory order for Whatsapp and Twitter to change their own processes.
The Irish regulator has 21 statutory enquiries into multinational technology firms, the majority of which are into Facebook or component companies such as Whatsapp or Instagram.
READ MORE: Israeli spyware used in WhatsApp hack ‘can secretly snoop on your Apple, Facebook and Google data’
The investigation into Whatsapp concerns whether the division of Facebook has been transparent in how it provides information to both users and non-users of the service, including how Whatsapp passed data between it and other Facebook companies.
The Twitter probe concerns a data breach notification from January of this year.
The Irish Data Protection authority is one of the most powerful data regulation bodies in Europe because of the tech multinational companies that choose to base their international headquarters in Ireland. Under GDPR law, the Irish DPC can fine a company up to 4pc of its annual turnover.
READ MORE: Facebook to pay record €4.5bn fine for privacy breaches
In total, Ms Dixon’s office currently has 61 statutory enquiries under way under GDPR law, 21 of which are focused on tech multinational firms.
These include
- Facebook (8);
- Twitter (3);
- Apple (3);
- Whatsapp (2);
- Instagram (1);
- Google (1);
- Linkedin (1);
- Quantcast (1);
- and Verizon Media (1).
Ms Dixon told the American publication Fortune Magazine that final results in relation to the Whatsapp and Twitter decisions were unlikely before the end of the year, despite her office’s draft decisions within a few weeks.
Ms Dixon’s spokeswoman said that the decisions need to be circulated within EU peers before the final effect of any sanction or fine can occur.
READ MORE: Irish data watchdog to probe Facebook for listening to Messenger audio conversations
“We cannot take any shortcuts”, Ms Dixon told the publication, adding that the companies affected could choose to legally contest the findings.
Earlier this year, Ms Dixon told Independent.ie that it would likely take “months” to arrive at a formal decision due to a statutory process of “examination and analysis”.
“I’d like to say that we could do it on 48 hours, but it has to be in the order of months to be done in the way that it has to be done,” she said. “I will have to allow them a period of time to respond. I would have to consider their responses.”
READ MORE: The Big Tech Show: Data Protection Commissioner Helen Dixon on her decision to halt plans for national identity card through stealth
Earlier this Autumn, US authorities fined Facebook $5bn for data privacy failings in the largest settlement of its kind to date.
However, Ms Dixon said that while the Irish office was prepared to use the “scope” of the GDPR’s maximum 4pc fine structure, the EU process is different to the American one.
“We’re not really looking at $5 billion or what the FTC has done,” she told the Irish Independent’s Big Tech Show podcast.
“We’ve got to look at this fairly under the legal framework that we have. One criticism of the FTC’s decision is that it has done nothing to change Facebook’s business model or the way that Facebook will handle personal data.
“The decisions that we make here have to have an impact in terms of punishing any contraventions and providing a precedent for others in terms of how we say the GDPR must be applied.”
Ms Dixon said that another decision, into Garda surveillance techniques using CCTV cameras and identification of car licence plates, is also nearing a final result.
READ MORE: Adrian Weckler: ‘One year on from GDPR, when will we start to see big fines dished out?’
Source: Read Full Article