Ireland’s Data Protection Commission (DPC) announced on Saturday that the long-running investigation of Facebook and WhatsApp’s conduct in the European Union, concerning transparency of data-sharing between the two platforms, is headed for a resolution.
In what many are saying is a significant first step towards the resolution, the DPC sent out a draft decision to fellow EU data protection agencies (DPAs) towards the end of 2020.
Now, there is going to be a review process of the draft by the DPAs. The draft needs to have majority backing, following regulations under the EU’s General Data Protection Regulation (GDPR) guidelines.
The draft is only the second of its kind that the DPS has sent out to date, involving the cross-border GDPR cases. The first case that went through this process was the investigation into a Twitter security breach, which led to a fine of $550,000 in December.
The WhatsApp case might look timely, given the recent update to its Terms and Conditions that highlighted how much data sharing is happening between Facebook and the messaging app.
However, the case in the draft dates back to 2018, when the GDPR rules started being enforced.
The case relates to WhatsApp Ireland’s compliance with Articles 12 to 14 of the GDPR guidelines, which dictate how information should be provided to data subjects whose information is being processed to exercise their rights.
When the process comes to an end and the final decision is made, the level of standards of transparency required by EU DPAs will become clear.
Ireland is busy with other ongoing investigations into tech giants related to complaints filed in May 2018 regarding something called ‘forced consent.’ This kind of ‘consent’ comes about when the companies either trick you into accepting detrimental terms or make it part of the experience by default with no opting out.