Another year, another record fine for Facebook for privacy violations. This time it’s €225m, for the way WhatsApp shares its user data with other Facebook subsidiaries.
It is now common cause that Facebook will skate as close as it can to the legal line, often pushing the privacy regulations, and always in a way that protects its personal data-gobbling business. The fine is for "severe" and "serious" infringements of Europe’s ground-breaking general data protection regulation (GDPR). This legislation places common sense and EU common law restrictions on what companies can do with people’s personal data and the transparency required to collect or process it.
(In SA the Protection of Personal Information Act, known as the Popi Act or Popia, came into effect on July 1.)
The fine was issued in Ireland by the Data Privacy Commission (DPC), because that country is where Facebook, and most US tech firms, have their European headquarters.
Somewhat ironically, the Irish government has actively courted Big Tech to make Dublin its EU home, offering generous tax breaks. These breaks were criticised by the EU, which ordered Ireland to charge realistic fees — something the Irish are appealing against.
This is the biggest fine the DPC has granted — and the second-largest in the EU against a tech firm. However, the DPC originally wanted to fine WhatsApp €30m-€50m. Eight other EU data regulators rejected this, and the matter was then referred to the European Data Protection Board, the agency that oversees the GDPR, which found that the fine should be €225m.
The Irish regulator said an "extremely high" number of WhatsApp users were affected by the company’s lack of adherence to the GDPR. "This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies," the DPC said in a 266-page ruling.
The problem with all these personal privacy infringements and data breaches is that once the data is out there, it’s out there
Its commissioner, Helen Dixon, pointed to four "very serious" GDPR lapses. These "go to the heart of the general principle of transparency" and people’s right to protect their personal data, based on their autonomy to share their personal information.
Dixon said WhatsApp had also been ordered to "bring its processing into compliance by taking a range of specified remedial actions".
I wish I could turn back time. The problem with all these personal privacy infringements and data breaches is that once the data is out there, it’s out there. There’s little people can do if their data is used in a way they did not agree to, or is hacked and released onto the dark web.
At least the EU’s privacy laws rein in Facebook’s free-for-all with people’s data. Amazingly, at the end of last year, the DPC was conducting 14 inquiries into Facebook, WhatsApp and Instagram.
Let’s hope they can effect those "specified remedial actions".
Shapshak is publisher of Stuff magazine and Scrolla.Africa
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.