Intervention of the European Union Privacy Guarantee
The notable event is the first of its kind in EDPB Urgent binding decision in accordance with Art. 66 At the request of the GDPR Hamburg Supervisory Authority (DE -HH SA) – via the Irish Authority – Whatsapp is blocking data processing across Europe.
Article 66 guarantees “In exceptional circumstances, when a supervisory authority considers an urgent need to protect the rights and freedoms of data subjects in its territory, it may take up to three months’ interim action with legal effect in its territory “EDPB. GDPR (art.63 GDPR) or one-stop-shop mechanism (art.60 GDPR). ) And take steps to discredit the stability mechanism, according to which only Ireland will work on Facebook-Whatsapp.
On the one hand, the EDPB decided not to meet the conditions for proving the existence and urgency of a violation. Therefore, the EDPB decided that Ireland should not take appropriate action against Facebook in this case.
So a message of satisfaction from Facebook: he escaped from it. at the moment.
On the other hand, “based on the evidence provided, EDPB concludes that Facebook IE (Ireland) already has a high potential to treat WhatsApp IE user data as a (joint) controller, and to improve the protection and integrity of WhatsApp IE and other Facebook companies’ products and companies. “However, in the face of various inconsistencies, ambiguities and uncertainties found in the information addressed to WhatsApp users, in some written commitments made by Facebook IE and in the written observations of WhatsApp IE, the EDPB concludes that what is actually being processed”
In addition, there is not enough information to confirm whether Facebook IE has already begun to process WhatsApp IE user data as a controller (joint) for its own marketing communications, direct marketing needs, and collaborations with other Facebook companies. It is not possible to establish whether Facebook IE has already started or will soon start processing WhatsApp IE user data as a (joint) controller for its own needs in conjunction with the WhatsApp Business API.
Urgent action is required
“The investigation finds that the EDBB issue needs to be expedited, especially in view of the high risk of violations in the security, protection and integrity of WhatsApp IE and other Facebook companies and to improve Facebook companies’ products.”
In particular, in practice, to check whether Facebook companies are performing processing activities, in the context of Facebook or other applications or services that compare the series of other data processed by other Facebook companies with other ranges of Facebook IE user data. Companies, with unique identifiers, have facilitated, among other things. For this reason, the EDPB requests the IE SA to conduct a legal investigation to determine whether or not these processing activities are taking place. , Paragraph 1, letter a), and Article 6, paragraph 1, GDPR “.
“In addition, the EDPB invites IE SA to look into the role of Facebook IE in considering the processing of data for marketing purposes, collaboration with other Facebook companies, and the lack of information related to the WhatsApp Business API, i.e. IE acts as a controller or (joint) with Facebook as a controller regarding these processing activities. “.
A victory for all of us
We knew that the German guarantor from Hamburg had requested the intervention of the European Board, so the EDPB had little time to take a stand.
This is the success of all of us who immediately lit a lamp in the story, even against those who convey the message that nothing will change in the European Union because of GDPR and try to calm the mind. Those were the least likely positions, we said it right away, and now the EDPB is right.
Appropriate to highlight is the board, making sure that there is no evidence of WhatsApp or Facebook violations, but that it does exist. The “high probability of violation” led to the first use of art-based procedures in this situation. 66 of GDPR National authorities, deviating from normal capacity, may impose temporary measures to limit damages and request the intervention of the EDPB.
In this case, the EDPB ordered the Irish Authority to investigate the matter and find out whether the violation was actually justified.
After all, this is not surprising at all. We’ve been talking about this change since WhatsApp announced it. There are a number of new privacy issues, first and foremost The legality of this consent continues to be constantly demanded of users.
Is such consent really free? Not in my opinion. But that, of course, would be consent given to WhatsApp, not Facebook, and as a result, it seems they will not be able to integrate the data even for commercial purposes.
In short, we can only rejoice in this position. We can expect more from the Irish Guarantor Responsive As usual. We would also like to remind you that the Irish Authority must implement the Shrems II decision banning the sending of data to the USA against Facebook for exactly one year. Since the parties involved are the same, now is the right time to move on.
@all rights reserved
Tv fanatic. Amateur food maven. Devoted webaholic. Travel lover. Entrepreneur. Evil writer. Beer guru.