Facebook's Irish Privacy Probe Nears Conclusion This Summer
Facebook's Irish Privacy Probe Nears Conclusion This Summer
(Bloomberg) -- The first of more than a dozen active investigations into large U.S. technology companies by Ireland’s privacy office could wrap up by the end of the summer, Irish Data Protection Commissioner Helen Dixon told a congressional panel in Washington Wednesday.
Dixon’s office is investigating companies including Facebook Inc. and its Instagram unit, Twitter Inc., and Apple Inc. for violations of the European Union’s data privacy rules, according to Dixon’s prepared testimony at a Senate Commerce Committee hearing on privacy. The office is investigating 17 tech companies among a total of 51 large-scale privacy investigations the office has launched since May 2018, she added.
"In the coming months, over the summer, we will conclude decisions in some of them," Dixon told the panel. The investigations are complex and take time to resolve because "the sanctions are significant" and the office has to allow the companies ample time to respond at various stages along the way, she said.
Dixon’s investigation of Facebook is the most advanced and likely to conclude by August or September, Dixon told Bloomberg Law last month. She has said she is willing to bring maximum penalties for gross violations of the EU privacy law. The probe into the company is still poised to be the first to wrap up, a person familiar with the matter said Tuesday.
Facing Fines
Companies can face fines of up to 4 percent of annual revenue or 20 million euros ($22.5 million), whichever is greater, for violating the General Data Protection Regulation. If Dixon’s office finds that Facebook did so, it could result in over $2 billion in fines for Facebook, based on its fiscal year 2018 revenue of $55.8 billion.
Facebook, which is facing multiple investigations around the world into its privacy practices, estimated April 24 it will cost as much as $5 billion to resolve a U.S. Federal Trade Commission probe into whether its handling of data that was transferred to political consultancy Cambridge Analytica violated a 2011 privacy settlement. Facebook took a $3 billion charge related to the matter.
The panel, which is at the forefront of congressional efforts to pass a national data privacy law, also asked Dixon about the EU’s approach to regulation as it works on a measure that would regulate vast swaths of the digital economy in the U.S.
John Thune, the No. 2 Republican in the Senate, who was recently added to a bipartisan group of committee members working on the issue, told reporters after a Tuesday meeting of the lawmakers that "there are a number of pieces of it that I think have been agreed upon."
Democrats still want concessions before they would agree to a bill that overrides state laws, including California’s privacy statute that passed last year, said Thune, of South Dakota.
Majority Leader Mitch McConnell, of Kentucky, is open to pushing through the final bill and said it would be "a possibility to get through the Senate," Thune added.
Companies are also pressing for a federal law, spurred by concerns about the headaches of complying with proliferating state requirements. Consumer advocates have said preemption of state laws would weaken the toughest legislative protections and Democrats have warned they won’t sign onto legislation that dilute existing rules.
Senator Richard Blumenthal, a Democrat from Connecticut who is also part of the working group, said during the hearing that he would "oppose any effort that preempts state laws so as to weaken protection for consumers." He called for a bill that was "even more rigorous and more protective" than California’s.
During the hearing, the panel’s chairman, Roger Wicker, a Republican from Mississippi, called for giving consumers "a strong, consistent federal law" as well as "more transparency, choice and control over their information," along with simplified privacy notices.
Washington state Senator Maria Cantwell, the top Democrat on the committee, also joined the working group, which includes Wicker, Blumenthal, Kansas Republican Jerry Moran and Hawaii Democrat Brian Schatz. Wicker, in announcing the move, said Thune and Cantwell would help the group "develop the consensus needed to move this legislation forward in the coming months."
During the hearing, Cantwell called for "a more proactive approach to cybersecurity" as a part of efforts to ensure privacy.
"We need to make sure that the culture of monetizing our personal data at every twist and turn is countered with the protection of people’s personal data," she said.
©2019 Bloomberg L.P.