In an open letter, privacy advocate Max Schrems also made allegations of secret meetings between the DPC and Facebook.
Noyb, a non-profit group established by privacy advocate Max Schrems, has published an open letter calling on European authorities to push the Irish data watchdog to speed up its handling of cases he brought against Facebook. The letter also includes serious accusations about the Irish Data Protection Commission (DPC), including claims the regulator held “secret meetings” with Facebook.
The letter comes on the second anniversary of GDPR entering law. Last week, the DPC announced it will soon issue its first major sanctions against Twitter and a second case against Facebook over its messaging platform WhatsApp.
In the letter, Noyb issued an appeal to the European Commission to “take action” against the DPC over what it perceives as a slow, “Kafkaesque procedure” by the regulator in taking on the major tech companies based in Ireland. It also called on other European data protection authorities (DPAs) to increase pressure on the DPC to speed up further regulation.
“Many DPAs are frustrated with situations like in Ireland, but only calling them out is not enough,” Schrems said. “They also have to use the tools that the GDPR foresees. We have for example made such applications with the Austrian DPA now.”
‘Nothing but lipstick on a pig’
The DPC has rejected these accusations, saying in a statement that it has 23 “big tech” inquiries underway, of which three were initiated after complaints from Noyb. “One of these complaint-based inquiries, which focuses on Facebook Ireland’s obligations to establish a lawful basis for personal data processing, has now moved to the decision-making phase,” the DPC said.
Noyb alleged that the DPC and Facebook held 10 “secret meetings” before GDPR came into force in 2018. It claimed that Facebook had discussed switching its legal policy for processing user data from ‘consent’ to an alleged ‘data use contract’, allowing the company to track, target and conduct research on users.
“It is nothing but lipstick on a pig,” said Schrems, who is chair of Noyb. “Since Roman times, the law prohibits ‘renaming’ something just to bypass the law.
“What Facebook tried to do is not smart, but laughable. The only thing that is really concerning is that the Irish DPC apparently engaged with Facebook when they were designing this scam and is now supposed to independently review it.”
No secret meetings
Graham Doyle, deputy commissioner of the DPC, denied there were any secret meetings held between the regulator and Facebook, as alleged by Noyb.
“We regularly engage and meet with companies from all sectors as part of our regulatory enforcement and supervision functions,” he said.
The letter comes a few days after the DPC said it had completed an inquiry into Twitter, its first major decision under GDPR regarding one of the major tech companies. The draft decision will now be reviewed by other regulators and, if supported, will see the company face potential fines.
Last December, Schrems’ years-long battle with Facebook hit a major stumbling block after the advocate general of the Court of Justice of the EU advised a ruling in favour of the social network. The advocate general said that Facebook’s sharing of data on its European users across to the US and elsewhere was within the company’s rights and not an infringement to users’ privacy rights.