The Irish Data Protection Commission has proposed a fine of between € 28 million and € 36 million for Facebook for violating the EU’s General Data Protection Regulation.
According to two people familiar with the process, the draft decision concerns Facebook’s legal basis for processing users’ personal information and relates to a complaint initially filed with the Austrian data regulator by the activist group noyb.eu, in May 2018. , which was then passed on to the Irish data regulator.
In a statement, noyb.eu confirmed the fine on Wednesday.
This complaint, filed the day the GDPR went live, accused Facebook of relying on “forced consent” by requiring users to consent to the company collecting their data to use the platform. The activist group has filed similar complaints against Google, WhatsApp and Instagram.
The other regulators now have one month to comment on the decision.