Tensions are escalating between Ireland’s Data Protection Commission (DPC) and the European Data Protection Board (EDPB) over the handling of privacy regulations for tech companies like Meta, which owns Facebook. The DPC is openly frustrated with the EDPB’s recent decision to impose a ban on Meta, which prevents the company from using certain legal mechanisms to process user data for targeted advertising. This ban, according to the DPC, is counterproductive as it has led to legal disputes without any real benefit to user privacy, especially since Meta is shifting towards a subscription model that seeks user consent for data processing.
The EDPB’s ban, enacted on November 1, was intended to force Meta to comply with GDPR regulations, citing the company’s continuous failure to align its data processing practices with the law. However, by the time the ban was in place, Meta had already been preparing to roll out its subscription service, which launched on November 10. This service was designed to address privacy concerns by obtaining user consent before targeting ads. Despite this, the EDPB proceeded with the ban, leading to an “urgent need to act” stance, which the DPC argues is unnecessary and diverts resources from more pressing issues.
Graham Doyle, the DPC’s deputy commissioner, has expressed significant disappointment in the EDPB’s decision, which has compelled the DPC to shift its focus away from evaluating Meta’s new model to addressing the legal ramifications of the ban. He mentions that the DPC had anticipated these issues and communicated the potential flaws in the EDPB’s approach well before the decision was made. The DPC believes the ban has no practical utility since the data processing operations it targets were already being phased out by Meta.
The disagreement highlights the challenges in regulating large tech companies and the complexities of enforcing data protection laws across Europe. While the DPC and EDPB share the common goal of protecting user privacy, their differing approaches on how to effectively achieve this have led to friction, with the DPC calling for measures that have tangible benefits for privacy protection rather than actions that result in legal entanglements with little impact on the ground.