WhatsApp and Twitter are facing “blockbuster” GDPR fines from the EU’s top privacy regulator after the Irish Data Protection Commissioner signalled its first rulings will send out a strong message to the technology industry.
Speaking to the Irish Independent, Commissioner Helen Dixon said her office has recently hired specialist lawyers to advise on the scale of monetary penalties to be imposed, adding that last year’s $5bn (£4bn) fine against Facebook by the US authorities will be a “relevant” gauge in Europe’s response.
Dixon said: “A very relevant factor in terms of what quantum will create deterrence is the level of fines already existing globally in the area. So if you ask whether the Federal Trade Commission fine is relevant, it is.
“Under the GDPR, deterrence is a particularly important reason why the fines are included. They could have stopped at the corrective measures. But the fines are there to be punitive and give rise to deterrence. And deterrence is based on what’s already in the [fine] landscape.”
Dixon’s remarks are being seen as an attempt to stamp the Irish DPC’s authority, following criticism over its lack of action so far. Last week, the Germans claimed that the regulator “clearly needs better financing and more staff”.
However, Dixon rejected that, saying the Irish office must be scrupulous in ensuring decisions are protected from legal challenges, especially large fines. The UK Information Commissioner’s Office is still battling to get its first two proposed fines – against British Airways and Marriott International – through the legal wrangling.
The Irish office has confirmed it has two dozen separate statutory GDPR inquiries under way into tech multinationals. Facebook represents the majority of the cases, through its subsidiaries Instagram and WhatsApp. Apple has three open inquiries, while Twitter, Google, Verizon, Quantcast and Tinder are also being investigated.
In August last year, Dixon said that her office’s first GDPR ruling was likely to be against Facebook-owned WhatsApp. However, she insisted it was likely to take months rather than days to arrive at a formal decision, due to a statutory process of “examination and analysis”. Her office has since said that a decision on Twitter is also imminent.
Top EU data cop cutback threat triggers EU complaint
Irish raid forces Facebook to dump dating app launch
Now Google faces fresh GDPR probe into location data
Swipe out: Irish regulator probes Tinder GDPR breach
Oops we did it again: Twitter admits fresh data gaffe
Verizon faces GDPR probe as WhatsApp decision looms
$5bn Facebook fine blasted as ‘just a slap on the wrist’
Irish data regulator launches inquiry into adtech giant
Irish confirm seven GDPR probes as Facebook turns 15
Watchdog collars Facebook over messenger merger plan
Irish data chief hits back over GDPR ‘soft touch’ claims