Verizon Media, the company behind the Huffington Post, Yahoo and AOL, is facing a major GDPR investigation by the Irish Data Protection Commission, following a flood of complaints across the EU over its use of online cookies.
The probe is the 21st statutory GDPR inquiry that the DPC has launched into multinational tech giants; more than half relate to Facebook, eight directly focus on the main site, two for WhatsApp and one into Instagram. The Irish office also has three probes into Apple, and one each into Google, LinkedIn and Quancast. In total, it has 61 official investigations under way.
Commenting on the Verizon probe, Commissioner Helen Dixon said: “It’s specifically into transparency issues. There were more than 38 complaints redirected to us by other EU data protection authorities. Those authorities were in receipt of a significant volume of complaints from individuals, specifically relating to services by media sites.”
Dixon added that some of the complaints related to the fact that “effectively there’s no choice when cookie banners are offered. The only option seems to be to click OK”.
Verizon Media also runs Engadget and TechCrunch; it is currently in the process of selling social media platform Tumblr to Automattic, which owns WordPress.
In an interview with the Irish Independent, Dixon said that her office’s first GDPR ruling is likely to be against WhatsApp, with the file expected to land on her desk in the next fortnight.
When asked what action was likely, in light of the recent massive fine handed down to Facebook by the US authorities, Dixon responded: “We’re not really looking at $5bn or what the FTC has done. We’ve got to look at this fairly under the legal framework that we have.
“One criticism of the FTC’s decision is that it has done nothing to change Facebook’s business model, or the way that Facebook will handle personal data. The decisions that we make here have to have an impact, in terms of how GDPR must be applied.”
However, she insisted it is likely to take months rather than days to arrive at a formal decision, due to a statutory process of “examination and analysis”.
She added: “I’d like to say that we could do it in 48 hours, but it has to be in the order of months, to be done in the way that it has to be done. I will have to allow them a period of time to respond. I would have to consider their responses.”
Last month, the UK Information Commissioner’s Office was accused of showing a “staggering” lack of judgement by issuing a notice of intent to fine British Airways £183.39m before the airline had had the opportunity to contest the ruling. Just 24 hours later, the ICO issued another notice of intent to fine Marriott International £99m.
However, the regulator insisted it was simply issuing statements in response to announcements made by both companies to the stock markets.
$5bn Facebook fine blasted as ‘just a slap on the wrist’
ICO shows ‘staggering’ lack of judgement over BA case
Now Marriott takes a £99m battering for GDPR failings
BA faces record £183m GDPR fine for data meltdown
Denham under fire over ‘unchallenged’ Facebook fine
Irish data regulator launches inquiry into adtech giant
Irish confirm seven GDPR probes as Facebook turns 15
Watchdog collars Facebook over messenger merger plan