Meta not fit to comply with data laws, human rights group tells EU

18 Nov 2022

Image: © Tada Images/

Dr Johnny Ryan of the ICCL told European commissioner Margrethe Vestager that there exists a ‘regime of data anarchy’ at Meta.

The Irish Council for Civil Liberties (ICCL) has said that Facebook parent company Meta is incapable of complying with EU data rules.

In a letter to European Commission vice-president Margrethe Vestager, ICCL’s Dr Johnny Ryan called out Meta for “a data free-for-all” that makes compliance with new EU laws “impossible”.

EU competition chief Vestager is one of the commissioners behind the recently passed Digital Markets Act (DMA), which aims to crack down on anti-competitive behaviour by Big Tech and level the playing field in digital markets.

The ICCL’s claims are based on thousands of pages of unsealed court documents from an ongoing case against Meta in California. The human rights organisation said these documents show a “regime of data anarchy” at Meta, in which people responsible for data systems are unaware of how other people in the company use the system.

“These latest revelations show data anarchy inside Meta,” Ryan said separately.

“Meta cannot comply with the new EU Digital Markets Act and has failed to uphold its GDPR obligations for years,” he added. “This is a data free-for-all.”

Ryan wrote that the documents highlight how, in some cases, even the engineers using systems in Meta may not be able to understand what is happening because, according to one Meta engineer, “it is not possible for humans to understand”.

He added that Meta was unable to respond when ordered to produce information about what 149 different data systems within Meta do and what parts of the business use them – despite having conducted a year-long investigation of those systems.

He argued that Meta cannot comply with the provisions of the DMA, one of which prohibits Big Tech firms from automatically using data from one part of their business to prop up other parts, because it cannot “distinguish data uses for separate core platform services”.

“Meta’s inability to know and account for how it uses data internally not only makes it impossible to comply with the DMA, but also infringes the GDPR, too,” Ryan went on.

‘Contrary to contestability and fairness’

A senior fellow of the ICCL, Ryan has long been critical of Big Tech in the EU – as well as the Irish Data Protection Commission’s handling of GDPR complaints against these companies.

He told an Oireachtas committee last year that Ireland had become a “bottleneck of GDPR investigation and enforcement” and the Irish data watchdog had failed to resolve 98pc of cases important enough to be of concern across the EU – a claim disputed by the Data Protection Commission.

Last month, Ryan wrote in a letter to the European Ombudsman that the Commission “has produced little to indicate that it has diligently monitored Ireland’s application of the GDPR” at a time when “the fundamental rights of all Europeans hang in the balance”.

In his latest criticism of Meta, Ryan argues that infringements of the GDPR are “contrary to contestability and fairness in the market” and urged the European Commission to take certain immediate steps.

“The Commission should obtain from Meta a complete and granular list of each data processing purpose, and all relevant information about its data processing,” he wrote.

He also urged the Commission to be prepared to impose “structural remedies” on Meta under the DMA – including the possibility of breaking Meta up.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic