BEERG Newsletter - GDPR: Meta’s Irish fines top €1.3bn as DPC detects EDPB over-reach?

Derek Mooney writes: On January 4th the Irish Data Protection Commission announced that it was fining Meta Ireland €210 million (for breaches of the GDPR relating to its Facebook service), and €180 million (for breaches in relation to its Instagram service). It also gave Meta Ireland 3 months to bring its data processing operations into compliance.

These latest twin fines bring Meta’s total regulatory bill to over €1.3bn in Ireland over the last 16 months. A not insignificant amount, even to the Tech giant, but, in a move that could have even greater consequences for data privacy across the EU, the final paragraph of DPC statement announcing the fine also fired a major warning shot across the bow of the European Data Protection Board(EDPB), saying:

“The EDPB does not have a general supervision role akin to national courts in respect of national independent authorities and it is not open to the EDPB to instruct and direct an authority to engage in open-ended and speculative investigation… 

…the DPC considers it appropriate that it would bring an action for annulment before the Court of Justice of the EU in order to seek the setting aside of the EDPB’s directions.”

This is the DPC stating that it will take the EDPB to the ECJ/CJEU. 

The latest investigations in Meta were the subject of months of wrangling between the DPC and the EDPB, with the EDPB briefing that the DPC was too lenient in its past dealings with tech companies headquartered in Ireland. For a background to this situation see this detailed article from Sept 2022 by Robert Bateman. 

The EDPB has since stated that it wishes to see new investigations conducted by the DPC spanning all of Facebook and Instagram’s processing operations. The DPC views this move as the EDPB purporting to instruct or to direct it to act – a clear attempt by the EPDB to exceed its authority.

Another phrase that it could use to describe this situation is: overreach — it’s the phrase used by a former European Court of Justice Advocate General Michal Bobek, as we set out in over 2022 BEERG preview, and several other articles. BEERG has long argued that several data watchdogs were seeking to overreach their powers, it is fascinating to see that it is a member state watchdog which has decided to push back.