Document Analysis NLP IA
FREQ, RAKE or TFIDF
Summary (IA Generated)
A long-running investigation in the European Union focused on the transparency of data-sharing between Facebook and WhatsApp has taken the first major step towards a resolution.
The DPC’s draft WhatsApp decision, which it told us was sent to the other supervisors for review on December 24, is only the second such draft the Irish watchdog has issued to-date in cross-border GDPR cases.
The first case to go through the process was an investigation into a Twitter security breach — which led to the company being issued with a $550,000 fine last month.
The WhatsApp case may look very timely, given the recent backlash over an update to its T&Cs, but it actually dates back to 2018, the year GDPR begun being applied — and relates to WhatsApp Ireland’s compliance with Articles 12-14 of the GDPR (which set out how information must be provided to data subjects whose information is being processed in order that they are able to exercise their rights).
“As you are aware, the DPC has been conducting an investigation into WhatsApp Ireland’s compliance with Articles 12-14 of the GDPR in terms of transparency, including in relation to transparency around what information is shared with Facebook, since 2018.
The DPC has provisionally concluded this investigation and we sent a draft decision to our fellow EU Data Protection Authorities on December 24, 2020 (in accordance with Article 60 of the GDPR in order to commence the co-decision-making process) and we are waiting to receive their comments on this draft decision.
It’s also notably that the time between the DPC’s Twitter draft and the final decision being issued — after gaining majority backing from other EU DPAs — was almost seven months.
Although there is some hope that GDPR enforcement of cross border cases will speed up as DPAs gain experience of the various mechanisms and processes involved in making these co-decisions (even if major ideological gaps remain).
The backlash led WhatsApp to announced last week that it was delaying enforcement of the new terms by three months.
Last week Italy’s data protection agency also issued a warning over a lack of clarity in the T&Cs — saying it could intervene using an emergency process allowed for by EU law (which would be in addition to the ongoing DPC procedure).
On the WhatsApp T&Cs controversy, the DPC’s deputy commissioner Graham Doyle told us the regulator had received “numerous queries” from confused and concerned stakeholders which he said led it to re-engage with the company.
WhatsApp have confirmed to us that there is no change to data-sharing practices either in the European Region or the rest of the world arising from these updates.
While there’s no doubt Europe’s record of enforcement of its much vaunted data protection laws against tech giants remains a major weak point of the regulation, there are signs that increased user awareness of rights and, more broadly, concern for privacy, is causing a shift in the balance of power in favor of users.
Proper privacy enforcement is still sorely lacking but Facebook being forced to put a T&Cs update on ice for three months — as its business is subject to ongoing regulatory scrutiny — suggests the days of platform giants being able to move fast and break things are firmly on the wain.