Austrian privacy and data rights campaigner Max Schrems’s NYOB organisation, who filed the original complaint against the technology giant, has published the DPC’s draft decision online.
The DPC, which is headed by Helen Dixon confirmed it sent out the decision to fellow European data protection agencies and that they have a month to respond to its findings.
The DPC has been investigating claims by NYOB that Facebook has “bypassed the GDPR” by changing terms and conditions for users in a manner by which it no longer needs consent to process personal data. It is alleged it has done this by relabelling agreements on data use as a ‘contract’.
Other European data protection authorities have issued guidelines stating that such a bypass of the GDPR is illegal and must be treated as consent. However, the Irish DPC has said it is not persuaded by such views.
A penalty of the level outlined in the documents published by NYOB, if levied against the company, would amount to roughly 0.048 per cent of Facebook’s global revenue. The GDPR allows for penalties of up to 4 per cent.
The DPC is Facebook’s lead regulator in the European Union and is therefore charged with investigating suspected breaches of general data protection regulation (GDPR) rules.
The draft decision has been sent onto other data protection authorities , who can raise objections to the proposed solution. If this happens, the case will then reach the European Data Protection Board (EDPB) where the Irish DPC’s suggested proposal can be overruled, as it was in a recent case involving WhatsApp.