European case against Facebook’s WhatsApp must be decided by Irish data body within a month, EU privacy watchdog rules

0
European case against Facebook’s WhatsApp must be decided by Irish data body within a month, EU privacy watchdog rules

The EU’s privacy watchdog has given Ireland’s data protection agency a month to produce its long-delayed decision on Facebook’s WhatsApp compliance with EU laws, forcibly settling the agency’s dispute with other national bodies.

The months-long probe into WhatsApp’s compliance with transparency obligations envisioned under the EU’s General Data Protection Regulation (GDPR) is seemingly nearing its completion.

On Wednesday, the European Data Protection Board (EDPB) ordered Ireland’s Data Protection Commission to wrap up its investigation and produce a decision within a month. The agency is leading the oversight of Facebook as the headquarters of the company’s European chapter are based in Ireland.

The Irish commission produced a draft decision on WhatsApp compliance with EU laws last December, submitting it for a review to other national privacy protection agencies in the bloc. Those agencies raised multiple objections to the report, including the classification of the infringements identified by the Irish team and on whether the specific data should be considered private or not.

The Irish watchdog, however, rejected the objections, bringing the case to the EDPB. The latter, however, has ultimately sided with the European peers, establishing that their objections were “relevant and reasoned.” Now, the Irish watchdog is obliged to adhere to the concerns and produce its final decision within a month.

“The IE SA [Irish supervisory authority] shall adopt its final decision, addressed to the controller, on the basis of the EDPB decision, without undue delay and at the latest one month after the EDPB has notified its decision,” the EU watchdog said in a statement.

“The EDPB will publish its decision on its website without undue delay after the IE SA has notified their national decision to the controller.”

The board’s decision likely means that the social media giant faces a larger fine than initially proposed by the Irish regulators. The proposed fine of up to €50 million has been harshly criticized by the privacy protection bodies of other European nations, which deemed it a mere slap on the wrist for the behemoth company.

Think your friends would be interested? Share this story!

Comments are closed.