The Irish Data Protection Commission has proposed a fine of between €28 million and €36 million for Facebook for violations of the EU’s General Data Protection Regulation.
According to two people with knowledge of the process, the draft decision concerns Facebook’s legal basis for handling users’ personal information and is related to a complaint initially filed with the Austrian data regulator by activist group, noyb.eu, in May 2018, which was then passed to the Irish data regulator.
In a statement, noyb.eu confirmed the fine on Wednesday.
That complaint, filed the day the GDPR came online, accused Facebook of relying on “forced consent” by requiring users to consent to the company collecting their data to use the platform. The activist group filed similar complaints against Google, WhatsApp and Instagram.
Other regulators now have a month to weigh in on the decision.