Data commissioner Helen Dixon: Social media giants could face string of fines, ‘corrective measures’
Facebook and other big tech companies based in Ireland could face a string of fines and “corrective measures” if found negligent in controlling customers’ personal data, Irish Data Protection Commissioner Helen Dixon told a Dublin conference today.
Ms Dixon - whose office is pursuing 21 investigations against Facebook, Twitter, Apple and other US multinationals accused of misusing users’ personal data - was speaking at the Secure Computing Forum at the RDS, sponsored by Independent News & Media.
She laughed when Irish Independent Technology Editor Adrian Weckler, moderating the event, asked her whether Facebook - the target, along with its subsidiaries WhatsApp and Instagram, in 11 of the probes - was “in big trouble”.
“When you ask are they in trouble, they are under scrutiny, they are subject to statutory investigation for which, as you said, there can be significant sanctions in the form of administrative fines. But I think even more impactful are going to be the corrective measures that we can apply where we find there are infringements,” Ms Dixon said.
Noting that authorities in the US and Germany were exploring anti-trust and other legal action against social media companies, Ms Dixon said: “There’s a lot of regulators including the Irish Data Protection Commission under the GDPR circling now around the practices of big tech. And there will be outcomes and consequences.”
Ms Dixon noted that the US Federal Trade Commission in July had imposed a record $5bn fine on Facebook for breaching users’ right to data privacy, and her own office could impose fines up to a maximum of 4pc of a company’s annual turnover. But she questioned whether financial penalties alone, even huge ones, would change corporate behaviour.
She noted that Democratic Party members of the FTC had argued that financial punishment “does nothing to change the business model. It’s going to be absorbed as a cost of doing business. And as we sit here today, has it changed anything in terms of how the revenue is derived and how privacy is or isn’t protected?”
She suggested that given the US findings, and the statutory basis of her own office, fines were likely.
“We’re obliged to implement the fines under Article 83 if we find infringement. So it will happen,” she said, referring to the section in GDPR legislation that defines how such fines are calculated and imposed.
She noted that while the FTC imposed “a once-off, large-scale settlement”, her own office would apply fines on an accumulating basis “in every distinct case of infringements. The fines will accumulate for certain companies if they don’t apply any remedial actions.”