It doesn’t sound exciting but when data protection hits the news it’s usually because the fines are massive. Earlier this month, the Irish Data Protection Commission (DPC), issued a statement saying it had found that Meta, Facebook’s parent company, had breached EU data protection rules, between June and December 2018, writes Rachel Waller, one of our Data Protection law specialists.
The DPC found that Meta failed to put in place, “appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data”, and issued a fine of €17 million.
A Meta spokesperson said: “This fine is about record-keeping practices from 2018 that we have since updated, not a failure to protect people’s information.
“We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”
While GDPR no longer applies to businesses operating solely within the UK, the Regulation has been incorporated into UK data protection law as the UK General Data Protection Regulation, so in practice, the core data protection principles, rights and obligations are still relevant. Solicitors are waiting for the UK government to produce its own reforms on UK data protection laws, and these are due to be announced in a Bill expected in May or June. However, it remains to be seen whether this will deliver better outcomes for people as intended. Hopefully, there will be less of a need for huge fines like those levied against Meta.
If you feel that your privacy rights have been breached, if someone has alleged that you have breached their rights, or if you are otherwise struggling to comply with your obligations, please contact Rachel Waller (with respect to general breaches) or Michael Kashis (with respect to reviewing commercial contracts to ensure compliance of Data Processor and Data Controller obligations under GDPR) by emailing email@example.com
The above is accurate as at 28 March 2022. The information above may be subject to change during these ever-changing times. The content of this note should not be considered legal advice and each matter should be considered on a case-by-case basis.