Privacy campaigners have vowed to ensure that the Irish Data Protection Commission carries out its ruling to impose the €225m (£219m) GDPR fine against WhatsApp, amid claims that the “dysfunctional” regulator is more concerned with headlines than with doing the hard groundwork.
Austrian lawyer Max Schrems, the man who has led a ten-year campaign against the “big tech’s” privacy record, bringing down both the Safe Harbour and Privacy Shield data transfer deals in the process, claims it could be years before the case against the Facebook-owned business is finally settled.
In a statement following yesterday’s ruling, Schrems said: “We welcome the first decision by the Irish regulator. However, the DPC gets about ten thousand complaints per year since 2018 and this is the first major fine.
“The DPC was forced by the other European data protection authorities to move towards €225m, which is still only 0.08% of the turnover of the Facebook Group. The GDPR foresees fines of up to 4% of the turnover. This shows how the DPC is still extremely dysfunctional.”
Warning that “years will pass before any fine is actually paid”, Schrems added: “In our cases we often had the feeling that the DPC is more concerned with headlines than with actually doing the hard groundwork.
“It will be very interesting to see if the DPC will actually defend this decision fully, as it was basically forced to make this decision by its European counterparts. I can imagine that the DPC will simply not put many resources on the case or ‘settle’ with WhatsApp in Ireland.
“We will monitor this case closely to ensure that the DPC is actually following through with this decision.”
Schrems and his non-profit privacy organisation NOYB (My Privacy is None of your Business) both have a number of pending cases before the Irish DPC (including on WhatsApp).
He has also made official complaints about Apple, Amazon, Netflix, Spotify and Google, for failing to be upfront about what customer data they collect and what they use it for.
Schrems’ latest initiative has seen more than 400 companies – including major brands – facing GDPR investigations across Europe for using unlawful cookie banners to gain online consent.
Irish up WhatsApp fine 350% to €225m after EDPB call
Facebook nemesis targets sites over consent cookies
Apple cut to the core by new unlawful tracking claims
Decision Marketing at 10: How GDPR changed the world
US tech giants rocked as Privacy Shield gets the chop
Transatlantic data transfers torpedoed once again
Facebook ‘still using illegal safe harbour agreement’
Let battle commence: first GDPR complaints are filed