Ireland’s decision about Facebook sparks argument about limits of GDPR

Get a free Techzine subscription!

EU officials are getting ready to fight regarding how much control companies should have over the processing of personal data after a decision targeting Facebook came out of Ireland’s privacy regulator, triggering pushback from campaigners.

Ireland’s Data Protection Commission said last week that it plans to fine Facebook between 28 and 36 million euros over what it called a lack of transparency regarding what the social media giant does with user data.

Privacy campaigners can see right through this move by the watchdog, as it gives Facebook too much leeway to collect data on users without getting explicit consent.

Critics

The argument over the limits of Europe’s GDPR laws will probably heat up in the coming weeks as watchdogs from the 27 countries come in to contribute their say regarding Ireland’s draft Facebook decision before a final judgment is reached.

If Ireland’s decision holds, it would spell the “end of data protection as we know it,” according to one official at a national privacy regulator who asked to remain anonymous to discuss what the regulators intend to deliberate.

The criticism comes from Austrian privacy campaigner Max Schrems who filed the original complaint against Facebook.

Consent or trickery?

Schrems said that Ireland’s decision amounted to a GDPR bypass as it allows companies to collect data without consent, adding that it is painfully obvious that Facebook simply tries to go around the rules of the GDPR by redefining the agreement on data as a ‘contract.’

It is known that companies like Facebook know many of us do not read the agreements on data, since they are long, use dense language, and are crafted deliberately to obfuscate the suspicious things they don’t want anyone to notice.

The company argues that the agreement constitutes the company asking people for consent, even though that assertion raises more questions about the nature of consent.