Inquiry into Meta Platforms Ireland Limited - December 2022

Document

Cited authorities 19

Cited in

Section	Decisions made under data protection act 2018

An Coimisiún um Chosaint Sonraí, 21 Ce arnóg Mhic Liam, Baile Átha Cliath 2.

Data Protection Commission, 21 Fitzwilliam Square, Dublin 2.

www.cosantasonrai.ie | www.dataprotection.ie | eolas@cosantasonrai. ie | info@dataprotection.ie Tel: +353 (0)76 1104800

In the matter of the General Data Protection Regulation

DPC Inquiry Reference: IN-18-5-7

In the matter of TSA, a complainant, concerning a complaint directed against Meta Platforms Ireland

Limited (formerly Facebook Ireland Limited) in respect of the Instag ram Service

Decision of the Data Protection Commission made pursuant to Section 113 of the Data Protection Act, 2018

and Articles 60 and 65 of the General Data Protection Regulation

Further to a complaint-based inquiry commenced pursuant to Section 110 of the Data Protection Act 2018

DECISION

Decision-Maker for the Commission:

Helen Dixon

________________________________

Commissioner for Data Protection

Dated the 31st December 2022

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2, Ireland

1. Introduction .......................................................................................................................... 4

2. Factual Background and the Complaint ..................................................................................... 4

FACTUAL BACKGROUND .................................................................................................................................. 5

OVERVIEW OF THE COMPLAINT ........................................................................................................................ 8

Legal Basis of Processing ........................................................................................................................ 8

Transparency ....................................................................................................................................... 10

Corrective Powers ................................................................................................................................ 11

SCOPE OF THE COMPLAINT ............................................................................................................................ 11

3. Issue 1 – Whether Clicking on the “Agree to Terms” Button Constitutes or must be consent for the

purposes of the GDPR ..................................................................................................................15

Introduction ............................................................................................................................................. 15

Relevant Provisions .................................................................................................................................. 15

Whether Clicking “Agree to Terms” Constitutes Consent for the Purposes of the GDPR ......................... 16

Whether Meta Ireland must rely on Consent ........................................................................................... 19

4 Issue 2 - Reliance on 6(1)(b) GDPR as a lawful basis for personal data processing ..........................24

Introduction ............................................................................................................................................. 24

Relevant Provisions .................................................................................................................................. 24

Assessment of whether Meta Ireland was entitled to Rely on Article 6(1)(b) GDPR ................................ 25

Relat ionship between the Term s of Use and the Da ta Policy

................................................................ 25

Whether Meta Ireland wa s Entitled to Rely on Article 6(1)(b) GDPR

..................................................... 27

Finding 2: ............................................................................................................................................. 49

5 Issue 3 – Whether Meta Ireland provided the requisite information on the legal basis for processing

on foot of Article 6(1)(b) GDPR and whether it did so in a transparent manner ....................................49

Introduction ............................................................................................................................................. 49

Relevant Provisions .................................................................................................................................. 50

The “Layered” Approach ...................................................................................................................... 52

Information provided to the Data Subject in respect of the purposes and/or legal basis of processing .. 55

Information provided by Meta Ireland in relation to Processing in accordance with Article 6(1)(b) ........ 67

Whether Meta Ireland Comp lies with Article 5(1)(a), 12( 1) and 13(1)(c) GDPR ...................................... 73

Article 5(1)(a) GDPR – Principle of Transparency ..................................................................................... 78

Finding 3: ............................................................................................................................................. 81

6 Whether Meta Ireland infringed the article 5(1)(a) principle of fairness .......................................82

Finding 4: ............................................................................................................................................. 85

7 Summary of Findings .............................................................................................................86

8 Decision on Corrective Powers ...............................................................................................86

9. Order to Bring Processing into Compliance ..............................................................................87

10. Administrative Fine ...........................................................................................................91

ARTICLE 83(2)(A): THE NATURE, GRAVITY AND DURATION OF THE INFRINGEMENT TAKING INTO ACCOUNT THE NATURE

SCOPE OR PURPOSE OF THE PROCESSING CONCERNED AS WELL AS THE NUMBER OF DATA SUBJECTS AF FECTED AND THE

LEVEL OF DAMAGE SUFFERED BY THEM ........................................................................................................... 105

ARTICLE 83(2)(B): THE INTENTIONAL OR NEGLIGENT CHARACTER OF THE INFRINGEMENT ........................................ 118

ARTICLE 83(2)(C): ANY ACTION TAKEN TO MITIGATE THE DAMAGE TO DATA SUBJECTS ............................................ 123

ARTICLE 83(2)(D): THE DEGREE OF RESPONSIBILITY OF THE CONTROLLER OR PROCESSOR TAKING INTO ACCOUNT TECHNICAL

AND ORGANISATIONAL MEASURES IMPLEMENTED BY THEM PURSUANT TO ARTICLES 25 AND 32 ............................... 1 24

ARTICLE 83(2)(E): ANY RELEVANT PREVIOUS INFRINGEMENTS BY THE CO NTROLLER OR PROCESSOR ........................... 126

ARTICLE 83(2)(F): THE DEGREE OF COOPERATION WITH THE SUPERVISORY AUTHORITY, IN ORDER TO REMEDY THE

INFRINGEMENT AND MITIGATE THE POSSIBLE ADVERSE EFFECTS OF THE INFRINGEMENT ........................................... 128

ARTICLE 83(2)(G): THE CATEGORIES OF PERSONAL DATA AFFECTED BY THE INFRINGEMENT ..................................... 129

ARTICLE 83(2)(H): THE MANNER IN WHICH THE INFRINGEMENT BECAME KNOWN TO THE SUPERVISORY AUTHORITY, IN

PARTICULAR WHETHER, AND IF SO TO WHAT EXTENT, THE CONTROLLER OR PROCESSOR NOTIFIED THE INFRIN GEMENT .. 131

ARTICLE 83(2)(I): WHERE MEASURES REFERRED TO IN ARTICLE 58(2) HAVE PREVIOUSLY BEEN ORDERED AGAINST THE

CONTROLLER OR PROCESSOR CONCERNED WITH REGARD TO THE SAME SUBJECT-MA TTER, COMPLIANCE WITH THOSE

MEASURES ................................................................................................................................................ 131

ARTICLE 83(2)(J): ADHERENCE TO APPROVED CODES OF CONDUCT PURSUANT TO ARTICLE 40 OR APPROVED CERTIFICATION

MECHANISMS PURSUANT TO ARTICLE 42 ........................................................................................................ 132

ARTICLE 83(2)(K): ANY OTHER AGGRAVATING OR MITIGATING FACTOR APPLICABLE TO THE CIRCUMSTANCES OF THE CASE,

SUCH AS FINANCIAL BENEFITS GAINED , OR LOSSES AVOIDED, DIRECTLY OR INDIRECTLY, FROM THE INFRINGEMENT ........ 132

WHETHER TO IMPOSE AN ADMINISTRATIVE FINE ............................................................................................. 134

11 OTHER RELEVANT FACTORS ........................................................................................................ 146

ARTICLE 83(3) GDPR ................................................................................................................................ 146

ARTICLE 83(5) GDPR ................................................................................................................................ 152

SUMMARY OF ENVISAGED ACTION ................................................................................................................ 157

To continue reading

Request your trial

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Inquiry into Meta Platforms Ireland Limited - December 2022

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users