Agency Report — Twitter and Facebook’s WhatsApp are in the firing line as Europe’s leading privacy watchdog for US tech giants edges closer to delivering its first major sanctions under the region’s tough data-protection rules.
The Irish Data Protection Commission said on May 22 that it has finalised a draft decision linked to a data breach at Twitter and has asked its peers across the European Union for their sign-off.
The regulator said it has also completed a draft decision in a probe of WhatsApp’s transparency around data sharing. The Facebook service will be asked to give its comments on any proposed sanctions before EU counterparts can weigh in.
The Irish authority’s probes have been piling up since the bloc’s tough General Data Protection Regulation took effect in May 2018 – but with no final decisions to date. The regulator is the lead data protection authority for some of the biggest US tech companies, including Twitter, Facebook, Google and Apple.
GDPR empowered regulators to levy penalties of as much as 4 per cent of a company’s annual revenue for the most serious violations. The biggest fine to date was a €50 million (Dh200m) penalty for Google by France’s watchdog CNIL.
The Irish regulator said it has also made progress in a number of its other pending cases, including an investigation into obligations of Facebook’s local unit “to establish a lawful basis for personal data processing”, adding that this “inquiry is now in the decision-making phase”.
Twitter and WhatsApp representatives declined to comment on the Irish probes.
