The Irish Data Protection Commission has proposed a fine of up to €36 million against Facebook for allegedly violating the EU General Data Protection Regulation's transparency requirements. For reference, Facebook's revenue last quarter was $29b. The fine relates to insufficient information provided to Facebook users regarding the company's terms of service. In essence, Facebook wants to change the legal basis for processing users' personal data from consent to performing a legal contract. NOYB Founder Max Schrems, the complainant in the case, said Facebook "simply tries to bypass the clear rules of the GDPR by relabeling the agreement on data use as a 'contract,'" potentially allowing other companies to "just write the processing of data into a contract and thereby legitimise any use of customer data without consent." The European Data Protection Board will now review the draft decision before finalisation. Some members of the board are expected to challenge the DPC's findings. Reporting in other publications is also unfavourable. The headline in TechCrunch describes the decision as a joke.
UPDATE: 151021 - noyb publishes takedown letter from Irish Data Protection Commission (DPC). On the 14th of October, the DPC sent an extraordinary letter to noyb, which would "require [noyb] to remove the draft decision from your website forthwith, and to desist from any further or other publication or disclosure of same". noyb has refused the request to self-censor, which would limit the public's access to problematic decisions. Furthermore, noyb has invited the DPC to "bring legal proceedings before the relevant Court in Austria instead of sending letters intended to intimidate complainants."