Ireland‘s Data Protection Commission (DPC) has proposed fining Facebook up to 36 million euros in one of more than a dozen probes it has opened into the social media giant, according to a draft decision published by the complainant on Wednesday.
Under European Union 2018 data protection rules, the DPC must now share the preliminary ruling with all concerned EU supervisory authorities and consider their views before making a final verdict.
The Irish commission is the lead regulator of Facebook and many other of the world’s largest technology company’s under the bloc’s “One Stop Shop” data regime, due to the location of their EU headquarters in Ireland.
The complaint, lodged by Austrian privacy activist Max Schrems, concerned the lawfulness of Facebook’s processing of personal data, specifically around its terms of service.
The DPC proposed a fine of 28 million to 36 million euros for Facebook’s failure to provide sufficient information, according to the draft decision, published by Schrems’ digital rights group NOYB
A spokesman for the DPC said it had sent the draft decision to the other supervisory authorities and had no further comment as the process is ongoing.