Meta Platforms Ireland Limited, formerly Facebook Ireland Limited, and the "Instagram" social media network September 2022

Document

Cited authorities 33

Cited in

Year	2022
Date	02 September 2022
Section	Decisions made under data protection act 2018

In the matter of the General Data Protection Regulation

DPC Inquiry Reference: IN-20-7-4

In the matter of Meta Platforms Ireland Limited, formerly Facebook Ireland Limited, and

the “Instagram” social media network

Decision of the Data Protection Commission made pursuant to Section 111 of the Data

Protection Act, 2018 and Article 60 of the General Data Protection Regulation

Further to an own-volition inquiry commenced pursuant to Section 110 of the Data

Protection Act, 2018

DECISION

Decision-Maker for the Commission:

Helen Dixon

________________________________

Commissioner for Data Protection

Dated the 2nd day of September 2022

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2, Ireland

Contents

A. Introduction ........................................................................................................................................ 1

B. Background ......................................................................................................................................... 1

B.1 The Instagram service ................................................................................................................... 1

B.2 Issues referred to Facebook by David Stier .................................................................................. 3

B.3 Issues referred to Supervisory Authorities by David Stier ............................................................ 4

B.4 Introduction of “creator accounts” and modification of Instagram business accounts ............... 4

B.5 Supervisory engagement between the DPC and FB-I ................................................................... 5

B.6 Preliminary assessment of Mr Stier’s allegations by the DPC ...................................................... 6

C. Commencement and Scope of Inquiry ............................................................................................... 7

C.1 Inquiry actions to date .................................................................................................................. 7

C.2 Temporal scope of Inquiry ............................................................................................................ 9

C.3 Material scope of Inquiry .............................................................................................................. 9

C.4 Assessment of FB-I’s compliance with the GDPR, and consideration of corrective powers ...... 12

D. Preliminary legal and procedural issues ........................................................................................... 14

D.1 Competence of the DPC as lead supervisory authority .............................................................. 14

D.2 Procedural issues raised by FB-I prior to the Preliminary Draft Decision................................... 15

D.3 Purported DPC reliance on draft guidance ................................................................................. 16

D.4 Legal, factual and procedural issues raised by FB-I concerning the DPC assessment of the

purpose of public by default processing............................................................................................ 18

Consideration of FB-I’s submissions on the DPC assessment of the purpose of processing ........ 19

Factual assessment of the purpose o f public-by-default processing ........................................... 21

Procedural issues regarding the purpose of public-by-default processing .................................. 25

Preliminary conclusion on the purpose of public-by-default processing ..................................... 29

D.6 Assessmen t of “risk” in the context of the GDPR ....................................................................... 30

D.7 Purported failure on the part of the DPC to provide a “Statement of Facts” ............................ 31

E. Consideration of Article 6 GDPR ....................................................................................................... 32

Compliance with Article 6(1) GDPR .................................................................................................. 32

Submissions of FB-I regarding Article 6 GDPR .................................................................................. 32

Analysis and findings of the DPC ....................................................................................................... 35

Assessment of processing on the basis of Article 6(1)(b) GDPR ................................................... 35

Assessment of processing on the basis of Article 6(1)(f) GDPR .................................................... 42

F. Assessment of FB-I’s Compliance with Articles 5(1)(a), 12 and 13 GDPR ......................................... 55

F.1 Compliance with Articles 5(1)(a), 12(1), and 13 GDPR ............................................................... 55

iii

F.2 Submissions of FB-I regarding transparency ............................................................................... 63

F.3 Analysis and findings of the DPC ................................................................................................. 65

Consideration of first transparency obligation ............................................................................. 65

FB-I’s submissions in response to the PDD ................................................................................... 68

Conclusion and Finding 1 .............................................................................................................. 69

Consideration of second transparency obligation ........................................................................ 73

FB-I’s submissions in response to the PDD ................................................................................... 79

Conclusion and Finding 2 .............................................................................................................. 82

Consideration of third transparency obligation ............................................................................ 82

Conclusion and Finding 3 .............................................................................................................. 83

Consideration of fourth transparency obligation ......................................................................... 83

FB-I’s submissions in response to the PDD ................................................................................... 85

Conclusion and Finding 4 .............................................................................................................. 88

G. Assessment of certain matters concerning Articles 24, 25 and 35 GDPR ........................................ 89

G.1 Nature, scope, context and purpose of the processing ............................................................. 89

Nature of processing ..................................................................................................................... 89

Scope of processing ...................................................................................................................... 89

Context of processing ................................................................................................................... 90

Purposes of processing ................................................................................................................. 97

G.2 Risks of varying likelihood and severity resulting from the processing ..................................... 98

Risks described in FB-I’s Legitimate Interests Assessments ......................................................... 99

NSPCC Reports concerning Instagram ........................................................................................ 104

The Berglas Report ...................................................................................................................... 106

Conclusion ................................................................................................................................... 117

G.3 Technical and organisational measures, and safeguards implemented by FB-I with regard to

processing ....................................................................................................................................... 117

FB-I’s measures and safeguards regarding the processing at issue ............................................ 118

Measures and safeguards concerning the publication of contact information of child users ... 127

Measures and safeguards regarding the public-by-default audience setting ............................ 131

Conclusion regarding measures and safeguards ........................................................................ 136

H. Assessment of FB-I’s Compliance with Article 35 GDPR ................................................................. 138

H.1 Compliance with Article 35 GDPR ............................................................................................ 138

H.2 Submissions of FB-I regarding Article 35 GDPR ........................................................................ 139

H.3 Analysis and findings of the DPC regarding Article 35 ............................................................. 141

To continue reading

Request your trial

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Meta Platforms Ireland Limited, formerly Facebook Ireland Limited, and the "Instagram" social media network September 2022

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users