Irish DPC Draft Decision Permits Facebook to Rely on Contractual Necessity for Behavioral Advertising

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

The Irish Data Protection Commissioner (“DPC”) has submitted a draft decision on Facebook Ireland Limited’s (“Facebook”) data protection compliance to other European regulators under the cooperation mechanism of the EU General Data Protection Regulation (“GDPR”) (the “Draft Decision”). The DPC proposes a fine between €28 and €36 million (i.e., up to $42 million) for infringements of the transparency obligations under the GDPR, specifically with respect to the legal basis upon which Facebook relied. In addition, the Draft Decision proposes imposing an order on Facebook to bring its terms of service and Data Policy into compliance within three months. However, the DPC indicates in its Draft Decision that Facebook is permitted to rely on contractual necessity as a legal basis for its personalized advertising, taking the view that this constitutes a core element of Facebook’s service.

On August 20, 2018, the DPC commenced an inquiry into Facebook’s compliance, following a complaint by an individual acting through None of Your Business (“NOYB”), the privacy activist group run

Read more