The Irish DPC agreed with Facebook’s legal basis for processing user data (for purposes of performing a contract which its users were party to), which included processing for behavioural advertising purposes and is supported by provisions in its Terms of Service; however, the DPC found that Facebook’s privacy notice was disjointed, incomplete and lacked transparency (potentially misleading users on the processing basis), proposing a fine between €28,000,000 and €36,000,000, and ordering compliance within 3 months.
Related Posts
Irish National Police Data Leak Highlights Third-Party Risk
The recent data breach incident involving the Irish National Police. This breach underscores the critical importance of addressing…
Zoom To Use User Content to Train AI
Zoom's recently updated terms and conditions allow for some concerning practices surrounding AI which has caused concern in the industry
European Commission Adopts EU-US Adequacy Decision
A new EU-US Data Privacy Framework has been adopted by the European Commission saying it allows for safe data transfer between the EU and US.