Facebook and its sister brands Instagram and WhatsApp have been the focus of more than half of Ireland’s data investigations in the first year of General Data Protection Regulation being enforced in the European Union.
Ireland’s Data Protection Commission, the lead data watchdog in the EU, has launched 19 statutory investigations in the past year, with 11 of these focused on Facebook-owned platforms.
The world’s major tech companies, including Facebook, Google, Microsoft and Twitter, are registered for processing personal data in Ireland. Microsoft’s business-to-business social media site LinkedIn is also being investigated by the DPC, as is Twitter, the BBC reported.
Nine of the 19 investigations were launched after complaints from individuals or businesses, while the DPC opened the other 10 itself.
A Facebook spokeswoman said: "We spent over 18 months working to ensure we comply with the GDPR. We made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information. We are in close contact with the Irish Data Protection Office to ensure we are answering any questions they may have."
Last week, the DPC began an investigation into Google over the way it uses data to provide targeted advertising via its Ad Exchange service. The search giant had already been fined €50m (£43.5m) by the equivalent body in France over the way it collected user content; Google is appealing this ruling.
The Google case came a day after the Irish regulator began a probe into ad-tech companies – Quantcast, Acxiom, Oracle, Criteo, Tapad, Equifax and Experian – over the way they aggregate user data to build detailed profiles of people. The case was brought last year by Privacy International, a UK-based charity.
GDPR came into force on 25 May 2018 and gives regulators the power to fine companies up to 4% of their annual turnover.