Cordery

Client Alert: Ireland’s Data Protection Authority Halts Facebook Dating Service

February 13, 2020

Yesterday Ireland’s Data Protection Commission (DPC) confirmed that it had visited Facebook’s premises in Ireland over concerns about the data protection aspects of Facebook’s planned new dating service. This is the highest-profile ‘dawn raid’ under GDPR to date and has led to the postponement of the launch Facebook had planned for tomorrow.

What is this about?

According to the DPC, Facebook told it on 3 February 2020 that it planned to launch a dating service on 14 February 2020. Under GDPR, in some circumstances, data protection authorities (DPAs) have the right to be consulted before processing takes place. They can ask to see a Data Protection Impact Assessment (DPIA). The DPC said that their initial concerns were “further compounded by the fact that no information/documentation was provided to us on 3 February in relation to the Data Protection Impact Assessment or the decision-making processes that were undertaken by Facebook”. As a result the DPC went to Facebook’s offices on 10 February 2020 and gathered documentation for their investigation.

Do DPAs have dawn raid powers?

Essentially yes.

They’re not called dawn raids under GDPR but GDPR doesn’t just give DPAs the power to fine. GDPR Article 58 gives DPAs a host of other powers including:

  1. to order the controller, processor or Data Protection Representative to provide any information it requires for the performance of its tasks;
  2. to carry out data protection audits;
  3. to obtain, from the controller and the processor, access to all personal data and to all information necessary for the performance of its tasks;
  4. to obtain access to any premises of the controller and the processor, including to any data processing equipment and means (this can include equipment like servers);
  5. to order the controller or processor to bring processing operations into compliance with the provisions of GDPR;
  6. to impose a temporary or permanent ban on processing.

What is a DPIA?

DPIAs are one of the key elements of GDPR. They help organisations assess risk and deal with it in a proportionate way. The DPIA process is not new – the UK DPA issued their first guidance on Privacy Impact Assessments in 2007, but DPIAs received statutory footing under GDPR and are mandatory in some cases.

In this short film Cordery’s Jonathan Armstrong looks at the investigation by the data protection authorities in Ireland into Facebook and the Data Protection Impact Assessment (DPIA) for their dating service. Jonathan then shares some tips on the DPIA process – why is it worth doing and how do you do it?
