Tech

Twitter and Facebook could be facing billions in fines after Ireland investigations

Key Points
  • Ireland's Data Protection Commission has concluded investigations into Facebook's WhatsApp and Twitter over possible breaches of EU data privacy rules, a spokesperson for the agency told CNBC Monday.
  • The investigations will now move into the decision-making phase.
  • Companies can be fined up to 4% of global annual revenues for breaching Europe's data privacy rules.
Mark Zuckerberg, chief executive officer and founder of Facebook Inc. attends the Viva Tech start-up and technology gathering at Parc des Expositions Porte de Versailles on May 24, 2018 in Paris, France.
Christophe Morin/IP3 | Getty Images News | Getty Images

Ireland's Data Protection Commission has concluded investigations into Facebook's WhatsApp and Twitter over possible breaches of EU data privacy rules, a spokesperson for the agency revealed to CNBC Monday.

The investigations will now move into the decision-making phase, according to Graham Doyle, head of communications for Ireland's DPC. During this next phase, Ireland's chief data regulator, Helen Dixon, will issue draft decisions, which are expected to come toward the end of the year.

These would mark Ireland's first decisions related to U.S. multinational companies since Europe's privacy law called the General Data Protection Regulation (GDPR) went into effect on May 2018.

In her draft decisions, Dixon will determine the penalty, if any, that either company faces for breaching data privacy rules. Companies can be fined up to 4% of global annual revenues for breaching Europe's data privacy law called GDPR. For Facebook, that could mean a fine of more than $2 billion based on its fiscal year 2018 revenue.

Because many big tech companies have their EU headquarters in Ireland, the Irish DPC supervises the firms under GDPR. Ireland's DPC has opened more than a dozen investigations into big tech companies including Facebook, Apple, Google and Twitter.

VIDEO4:5104:51
One year on, can GDPR go global?

Doyle said the commission had now concluded its investigation into WhatsApp in a case it opened last year related to transparency. The DPC, according to its annual report, has been examining whether WhatsApp had provided information in a transparent way to users and non-users of the app's services.

The DPC has also concluded its investigation into Twitter, Doyle said. The investigation was launched in response to a data breach notification it received from Twitter on January 8, 2019.

Commissioner Dixon can now request additional information from Facebook and Twitter in both cases before issuing her decision. Her draft decision will then go to other EU regulators for feedback before a final decision is made.

Facebook and Twitter declined to comment.

Each morning, the “Beyond the Valley” newsletter brings you all the latest from the vast, dynamic world of tech – outside the Silicon Valley.

Subscribe:

By signing up for newsletters, you are agreeing to our Terms of Use and Privacy Policy.