Ireland-led GDPR inquiry into Instagram’s use of kids’ data inches on – TechCrunch


DPC, Ireland’s embarrassed data protection regulator, Announced Submission of a draft decision sent to another EUDPA on Friday in connection with an Instagram General Data Protection Regulation (GDPR) investigation into the handling of children’s data over a year ago.

DPC has announced two statutory investigations into Instagram. October 2020Let’s see how social networking giants get a lot of complaints and process their children’s information. Find out what legal grounds Facebook claims to process children’s data on Instagram and see if there are “appropriate safeguards” in place.

The second inquiry was to investigate Instagram profile and account settings. The GDPR is investigating the “adequacy” of settings for children that set very high levels of data protection based on key principles such as “data protection by design and default”.

In today’s statement, DPC’s deputy commissioner Graham Doyle confirmed that regulators have passed the baton to other EU data protection authorities (DPAs) and are considering:

“As the lead supervisor of Facebook / Instagram, we started this inquiry in September 2020. This inquiry is based on the information provided to DPC by a third party and the issue identified by DPC after the Instagram investigation. Started in connection with. User registration process. We submitted a draft decision to our colleagues last week and gave their views. This is part of the process under Section 60 of the GDPR. We will send the draft decision to other relevant supervisors and within a month we will send a “reasonable and relevant objection”. This is the 7th DPC query that has reached the stage of Article 60 under the GDPR. In addition to this Instagram inquiry, two other DPC inquiries to Facebook are currently in the stage of Article 60. “

The submission of draft decisions by key supervisors is a standard part of the regulatory process for cross-border GDPR cases. This allows other DPA to confirm the conclusions of the major DPA and to challenge if disagree. This is what happened with all other DPC draft GDPR decisions related to Big Tech.

So far, only two final decisions have come out of Ireland in such cases. twitter When WhatsApp — Going through this Article 60 review process, both received objections leading to increased penalties (significantly increased for WhatsApp) against DPC’s lower ball proposals.

Ireland’s proposed decision on Instagram could face similar backlash from other data supervisors across the block. Although DPC obscures the conclusion.

Regarding the time frame, it can take more than half a year for the final decision on Instagram complaints to be finalized. This can be determined by the time taken in the process of redoing the previous DPC draft decision.

For Twitter, DPC May 2020, And the final decision has been issued December Same year. While the WhatsApp draft is being submitted January 2021 — But it took until September $ 267 million fine for WhatsApp to be agreed..

As a result, Instagram’s final decision may not arrive by mid-2022.

Meanwhile, social networks have revealed that Facebook whistleblower Frances Haugen leaked thousands of internal documents to the media this fall, over the impact on vulnerable users such as teens. Faces high levels of pressure on home The platform has a toxic effect on the body image of teenage girls..

This week, Instagram chief Adam Mosseri Called to give evidence to the US Senate — As part of a series of online safety hearings for children and teens.And before that, listen to the platform Announced a new safety feature slate Coming for “young people” — including the first parent tool.

Therefore, even if the GDPR decision is finally revealed from an Irish-led Instagram probe, Meta says that the platform has moved to a way to handle children’s data, and that EU orders are already out of date. I can insist.

Criticism of DPC working closely with Meta

The timing of the DPC public notice for Instagram draft submissions comes when regulators are facing a new storm of criticism about their close collaboration with Facebook / Meta: Aka, owns Instagram, and DPC data mining. The main director role, thanks to the high-tech giant (on paper) GDPR (suitable for forum shopping) One Stop Shop (OSS) mechanism that holds the empire.

NS Document Released on Sunday by the European Privacy Campaign Group noyb Regulators are finding that NOYB is requiring what they claim as a “consent bypass” to be included in the EDPB’s GDPR guidelines, so we’ll elaborate on DPC interventions that are in sharp agreement with Facebook’s interests.

Facebook is clearly tuned as it seeks to game GDPR compliance by switching from a consent-based legal basis for processing user data for ad targeting (Facebook is a user behavioral ad). There is a legal problem because you are not free to choose whether to accept or not; certainly, you have no choice unless you stop using Facebook altogether. To agree that it is legal under the GDPR. , Specific, informed and free to be given …) — Due to the enforcement of regulations in 2018, the above consent will be bypassed. It moved to the claim that users of the service were in a contractual agreement with it to actually receive targeted ads … it’s a fairly personal data robbery and should be accepted by European data protection regulators. It was a switcher.

noyb has challenged Facebook with this “compulsory consent” since it first filed a GDPR claim in May 2018.

The DPC hasn’t decided on a complaint yet, but regulars are willing to accept Facebook’s GDPR consent bypass — according to a draft decision published by noybthis. October..

Nonprofits followed up on the revelation by alleging criminal corruption against DPC. last month — Condemning regulators for “procedural extortion”, which demanded noyb to withdraw the decision in writing and pressured Facebook to sign a nondisclosure agreement in connection with ongoing proceedings. Revealed. Regulatory response to noyb also meant excluding a comprehensive confidentiality requirement as a party to the ongoing GDPR process if it did not agree.

noyb argues that there is no legal basis for DPC to gag the surveillance process in this way. (In fact, they are literally required to file a proceeding with a regulatory agency so that they can challenge such allegations in court.)

It also doubles criticism of DPC’s attempts to increase confidentiality by releasing more documentation every Sunday before Christmas, further shedding light on DPC’s internal functions (and critics are dysfunctional).

Regulators have counterattacked with a long counter-argument, but nevertheless have not addressed the key legal points raised by noyb (See, for example, updating this report).

Today, DPC has also published a new one Official statement — Denies “acting maliciously based on a meeting held with Facebook as part of its regulatory role.” Refuses “lobbying” to force the European Data Protection Commission (EDPB) to adopt Facebook’s “best interests” guidelines. And further argue: “These claims are not entirely true.”

However, the statement allows Facebook to provide Facebook between late 2017 and March 2018 with what regulators consider to be “high levels of feedback” to Facebook’s GDPR Preparation Program. ..

We contacted DPC for more information on the feedback provided to Meta / Facebook during this period.

The statement denied that Facebook helped develop the GDPR Consent Bypass, and DPC wrote:[A]In the process of engaging with Facebook, DPC has approved, co-developed, approved, agreed to, or negotiated with Facebook’s processing operations. The DPC should not emphasize to Facebook at any time that it has suggested or intimate Article 6 (1) (b). [“processing is necessary for the performance of a contract”] It was a good legitimate basis for the processing operation. “

But the DPC statement seems to confirm that Did it Discuss the possibility that Facebook will rely on Section 6 (1) (b) as a GDPR compliance strategy, as regulators have specified:There was a debate on this issue … only if you scrutinize Facebook for considerations regarding Article 6 (1) (b) and seek proof of its legal reason. ”

We will update this report if the DPC submits additional explanations for these discussions.

Ireland-led GDPR inquiry into Instagram’s use of kids’ data inches on – TechCrunch Source link Ireland-led GDPR inquiry into Instagram’s use of kids’ data inches on – TechCrunch

The post Ireland-led GDPR inquiry into Instagram’s use of kids’ data inches on – TechCrunch appeared first on California News Times.

Source link


Please enter your comment!
Please enter your name here

Share post:


More like this