Facebook, Google and Twitter in data regulators’ sights

Social media giant Facebook and its subsidiaries Instagram and WhatsApp have been the subject of most data investigations in the Republic of Ireland since the European Union’s new data protection regulation came into force a year ago.

Most of the major US tech companies, including Facebook, Google, Microsoft, Twitter, Apple, LinkedIn, Airbnb and Dropbox, are registered for processing personal data in Ireland.

Ireland’s Data Protection Commission says it has launched 19 statutory investigations, 11 of which focus on Facebook, WhatsApp and Instagram.

Twitter and LinkedIn are also under investigation, and last week the commission launched a probe in to Google over the way it uses personal data to provide targeted advertising.

This follows on from Google’s €50m ($56m; £44m) fine imposed by French data regulator CNIL for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”.

social media

Google is appealing against the decision.

So the responsibility for policing their compliance with the EU’s General Data Protection Regulation (GDPR) – which started in May 2018 – falls on the country’s Data Protection Commission (DPC).

Nine of the DPC’s investigations were launched after complaints from individuals or businesses, while 10 have been instigated by the DPC itself.

The most common concerns are about the legal basis for processing personal data, lack of transparency about how a company collects personal data, and people’s right to access their data.

“There has been a huge increase in awareness among individuals about their data rights since GDPR came in,” says Graham Doyle, the DPC’s head of communications.

This has led to a steep rise in complaints, with the number increasing from 2,500 in 2017 to more than 6,500 now, says Mr Doyle.

An office of 27 staff has had to be beefed up to more than 130. Mr Doyle expects the number to rise eventually to more than 200 over the next year or so.

A Facebook spokesperson said: “We spent more than 18 months working to ensure we comply with the GDPR.

“We made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information. We are in close contact with the Irish Data Protection Office to ensure we are answering any questions they may have.”