According to a draft decision published by the complainant on Wednesday, Ireland’s Data Protection Commission (DPC) has recommended fining Facebook up to 36 million euros in one of more than a dozen probes it has initiated into Facebook.
The European Union’s 2018 data protection guidelines states that, the DPC must now share the preliminary ruling with all relevant EU supervisory authorities and consider their views before issuing a final verdict.
Due to the location of their EU headquarters in Ireland, the Irish commission is the principal regulator for Facebook and many other of the world’s leading digital companies under the bloc’s “One Stop Shop” data regime.
Max Schrems, an Austrian privacy campaigner, filed the complaint, which centred on the legality of Facebook’s processing of personal data, particularly in relation to its terms of service.
According to the draft decision published by Schrems’ digital rights group NOYB, the DPC proposed a fine of 28 million to 36 million euros for Facebook’s failure to disclose sufficient information.
The DPC’s spokesman said the draft decision has been sent to the other supervisory authorities and had no further comment as the process is still ongoing.