The Irish DPC has opened an EU-wide investigation into the EU's biggest budget carrier, questioning whether its use of facial recognition to verify the identities of passengers that booked through third-party sites is compliant with GDPR terms.
Irish DPC has handed down a €390 million fine to Meta over its targeted advertising practices on Facebook and Instagram. The fine stems from a long legal battle over Meta's claim that users enter into an implicit contract agreeing to receive personalized ads when they accept the terms of service.
The Irish DPC probe centers on an API vulnerability that appears to have been exploited by multiple parties before being detected and remediated. The data breach first came to light in August and was acknowledged by Twitter.
Losing Ireland "main establishment" status means that any national DPA in the EU could bring direct GDPR action against Twitter on behalf of its citizens without the standard collaborative process that ultimately funnels everything through the Irish DPC.
noyb has leaked documents that show Facebook approached the EDPB with their concept of “user contracts” that sidestep GDPR rules for user consent after numerous receptive meetings with the Irish DPC.
Privacy activism group noyb, which has made headlines for its high-profile cases against Facebook in the EU, has brought a corruption complaint against the Irish DPC over its handling of a case that dates back years.
Proposed fruits of the Irish DPC's three-year investigation into Facebook's consent and transparency violations are GDPR fines that would amount to a maximum of about $36 million to $42 million, or what the company makes roughly every two hours.
Facebook has now exhausted its options for legal challenges as the Irish DPC has ended its stay on the EU-US data transfer ban. The company may be ordered to stop transfers as early as this summer.