Brief overview of “information technology” news for the weeks of 12, 19, 26 December 2022 and 2 January 2023 – IP/IT and Communications

Data protection

Meta’s censure by DPC, Ireland’s data protection authority, restricted by its peers!

  • On May 25, 2018, the day GDPR came into force, Irish authorities fined Meta, the parent company of Facebook and Instagram (finally!) 390 million, following complaints by Max Schrems’ association Neub. euro.
    Most of the processing operations carried out by Meta are based on the contract concluded with the users of the platforms (general terms of use), including one of the giant’s flagship activities: behavioral advertising. Also, it is impossible for the user who wants to access the Facebook and Instagram services without targeted advertising to violate his consent: refusal to accept the T&C prevents him from entering the platforms, acceptance of the CGU forces him to accept it. behavioral advertising related to the services he wants to access.
    According to Meta, Facebook and Instagram provide personalized services that include personalized or behavioral advertising. This system is at the heart of the model accepted by users. The Irish authorities primarily believe that Meta has failed to fulfill its obligations in terms of transparency, but complaints about the mandatory nature of consent cannot be sustained, as the processing is unreasonable and does not require users’ consent.
    The EDPS, which intervened in the procedure under the enhanced cooperation procedure due to a lack of consensus in the face of objections from some authorities who considered the solution proposed by the Irish authorities to be too lenient, rejects the use of the treaty as a legal basis. for behavioral advertising purposes.
    Combining these mandatory orders, the Irish authorities finally order Meta to pay 390 million euros and fulfill the amount within 3 months. Therefore, the specific and separate consent of platform members should be required for personalized advertising in the future.
    This sanction comes at the end of the implementation of the enhanced cooperation procedure between the regulatory authorities provided for in Article 60 of the GDPR and demonstrates all the usefulness and possibilities of such a mechanism, in particular in front of the forum methods. This purchase carried out by the Internet. It was stated that the players who will decide on the position of the president can be more hesitant about the condemnation. The EDPS has also asked the Irish authorities to conduct a new investigation covering all of Facebook and Instagram’s data processing operations, specifically examining the specific categories of personal data that may or may not be processed as part of those operations.
    However, the Irish authorities have indicated that they are considering appealing to the Court of Justice of the European Union based on the illegality of the Committee’s mandatory instructions. It’s worth noting that it’s surprising that the decision submitted to Meta was not forwarded to the other party (Noyb, an online liberties group) because Meta had to redact anything they deemed “sensitive”. decision. Therefore, the decision is not yet announced.

Conviction of Apple by the CNIL on December 22, 2022

  • The CNIL fined Apple €8 million for failing to obtain the consent of French iPhone users (previous version iOS 14.6) before installing identifiers used for advertising purposes on their phones.
    The CNIL was seized by the French Digitale association of the complaint regarding the processing carried out by Apple through the iOS and MacOs operating systems. The association specifically criticized the fact that the “Personalized advertising” privacy setting available in the iPhone’s settings is enabled by default. Enabled by default, this setting prevented users from properly collecting their prior consent…

Leave a Reply

Your email address will not be published. Required fields are marked *