Ireland's Privacy Regulator Moves Closer to Decisions in WhatsApp, Twitter Cases--2nd Update
October 07 2019 - 1:46PM
Dow Jones News
By Sam Schechner
A top European Union privacy regulator is moving closer to
making draft decisions involving Facebook Inc.'s WhatsApp and
Twitter Inc. under the bloc's new privacy law.
Ireland's Data Protection Commission said on Monday that its
investigative unit has, in recent days, completed its
investigations in two of the first cases involving big tech
companies. The results are now on the desk of Helen Dixon, the
body's commissioner, for her draft decisions and possible fine
recommendations, which could come by the end of the year.
The WhatsApp case looks at whether the Facebook-owned chat app
gives sufficient information to users and nonusers about how it
shares data, in particular with other Facebook units. The Twitter
case examines whether the company complied with notification
obligations for a personal data breach the company disclosed to the
regulator in January.
If the companies are found in violation, they could be liable
for hefty fines under the EU's new privacy law, known as the
GDPR.
Representatives for WhatsApp and Twitter declined to comment. A
representative of Facebook also declined to comment.
The Irish regulator said it also hopes to complete the
investigations and turn over to Ms. Dixon two or three other cases
involving Facebook by the end of the year. That is somewhat later
than had been expected, a delay spokesman Graham Doyle explained in
part by saying the regulator has been taking time to make sure its
decisions can withstand potential legal challenges.
"We have moved the first two inquiries into big tech companies
to the decision phase," Mr. Doyle said. "These are the first two of
what we hope will be a number of big tech inquiries completed by
the end of the year."
The Irish cases have been closely watched. How EU regulators
eventually decide the cases under the GDPR, and the size of any
fines they might impose, will help determine the role the EU will
play in regulating the tech sector world-wide.
Ireland has taken a leading role because its Data Protection
Commission is, under EU law, the lead privacy regulator for an
array of large U.S. tech firms that have their regional
headquarters in the country. But that same law also imposes a
power-sharing mechanism the bloc's national privacy regulators --
and that process will increasingly be in the spotlight as large
tech cases move through.
Under the GDPR, privacy regulators must consult with other
regulators on cross-border decisions, seeking their "relevant and
reasoned" objections to any draft decision. Disagreements are
settled by votes of a pan-European board of regulators, a process
that could add additional months of' delay and lead to significant
revisions of Irish decisions.
There is little precedent for what type of fines large tech
companies might expect, and even the maximum amounts can differ in
part based on the type of violation.
For transparency violations, WhatsApp could be liable for up to
4% of the annual world-wide revenue of its parent company,
Facebook, which works out to $2.23 billion for last year. By
contrast, for a breach-notification violation, Twitter faces
maximum fines of 2% of its annual world-wide revenue, or $61
million, based on 2018 revenue.
Write to Sam Schechner at sam.schechner@wsj.com
(END) Dow Jones Newswires
October 07, 2019 13:31 ET (17:31 GMT)
Copyright (c) 2019 Dow Jones & Company, Inc.
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Aug 2024 to Sep 2024
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Sep 2023 to Sep 2024