The privacy saga between Meta, the parent company of Facebook, Instagram, and WhatsApp, and the European digital rights group, NOYB (None of Your Business), is becoming more intense. The NOYB has taken a significant step to push for a full-scale investigation into Meta’s handling of user data. It’s appealing to the High Court to compel Ireland’s Data Protection Commission (DPC) to delve deeper into its complaints. The main issue? Meta’s alleged reliance on user consent, under the GDPR’s article 6(1)(b), to process personal data, including sensitive kinds.
Back in May 2018, the NOYB lodged complaints to data supervisory authorities in Austria, Belgium, and Germany about Meta’s data processing practices. The group contended that the GDPR’s article 6(1)(b) wasn’t a valid legal basis in this situation, and certain data processing actions couldn’t be legitimized. These complaints were then passed to the DPC, as Meta is established in Ireland, making it the lead supervisory authority.
The plot thickened as the DPC initially found that Meta’s platforms could indeed rely on the GDPR article. However, this decision was challenged by supervisory authorities from other EU countries, leading the European Data Protection Board to instruct the DPC to revise its findings. The DPC then backpedalled, stating that Facebook and Instagram couldn’t use the GDPR article to process user data for behavioural advertising, and WhatsApp couldn’t use it for improvement and security under its terms of service.
Now, the NOYB is turning to the High Court, demanding it declare that the DPC has failed to complete its investigation within a reasonable time frame, as mandated by GDPR and the Data Protection Act of 2018. It’s a significant development in this ongoing saga, highlighting the growing scrutiny over how tech giants like Meta handle user data.