Privacy & Data Security Law News

WhatsApp, Twitter First In Line to Get Irish Privacy Rulings (2)

Nov. 20, 2019, 7:12 PMUpdated: Nov. 20, 2019, 10:18 PM

Europe’s lead privacy watchdog on big tech said the first in a series of rulings by her office using tough new European Union regulations will soon be handed down, with Facebook Inc.’s WhatsApp and Twitter Inc. in the firing line.

The Irish Data Protection Commissioner’s most advanced cases concern WhatsApp’s transparency around its data sharing, if any, with Facebook and its wider group of companies, and a probe her office opened into Twitter following a breach reported to the regulator in early January.

“We’ve commenced the decision-making phase in respect of both of those,” Helen Dixon, the Irish commissioner, said in an interview on the sidelines of a Brussels privacy conference on Wednesday. She said this involved writing to the companies and that they responded with “a number of queries,” especially regarding “the form of the draft decision” that the regulator will have to share with other EU watchdogs before making a final decision.

Dixon’s authority is in charge of regulating many of the U.S.’s biggest companies, which have European bases in Ireland. Her office has 21 open investigations of big technology companies, including into Facebook, Alphabet Inc.’s Google and Apple Inc. The first decisions “will start to roll out soon,” Dixon told the conference.

The two rulings on Dixon’s desk also could be the first to test a new system of cooperation between the EU regulators, where a draft decision is being sent to each of the bloc’s data-protection authorities for their approval or possible objections, she said.

“Unless another data-protection authority that similarly supervises big multinationals like we do advances ahead of us, it’s likely to be the first time,” she said.

Facebook and Twitter declined to comment.

Regulators throughout Europe are looking to increase fines they issue under the EU’s new General Data Protection Regulation, which took effect in May 2018 and allows penalties as large as 4% of a company’s annual revenue.

The biggest fine levied under the rules so far was a 50 million-euro ($55.4 million) fine by France’s privacy regulator against Google.

The Google record penalty could be topped by Dixon’s office. The U.K. Information Commissioner’s Office too is looking to levy unprecedented fines under the new privacy rules. In July, the ICO said it plans to fine British Airways 183.4 million pounds ($237 million) over computer attacks that exposed customer data. A day later, the British authority said a massive hacking of Marriott International Inc. reservation databases could lead to a 99 million-pound levy under the EU’s new rules. Those decisions are not yet final.

To contact the reporters on this story:
Stephanie Bodoni in Brussels at sbodoni@bloomberg.net;
Daniel Stoller in Arlington at dstoller1@bloomberg.net

To contact the editors responsible for this story:
Anthony Aarons at aaarons@bloomberg.net

Peter Chapman, Amy Thomson

© 2019 Bloomberg L.P. All rights reserved. Used with permission.

((Adds Facebook response in seventh paragraph.))
To read more articles log in. To learn more about a subscription click here.