5 Matching Annotations
  1. Feb 2023
    1. In expressing disagreement with the proposed literal interpretation of Article 13(1)(c) GDPR set outin the Preliminary Draft Decision, Facebook submitted that “Facebook Ireland’s interpretation directlytracks the actual wording of the relevant GDPR provision which stipulates only that two items ofinformation be provided about the processing (i.e. purposes and legal bases). It says nothing aboutprocessing operations.”102 Facebook submitted that because, in its view, Article 13(1) GDPR applies “atthe time data is collected”, and therefore refers only to “prospective processing”. It submits that, onthis basis, Article 13(1)(c) GDPR does not relate to ongoing processing operations, but is concernedsolely with information on “intended processing”.103 Facebook’s position is therefore that Article13(1)(c) GDPR is future-gazing or prospective only in its application and that such an interpretation issupported by a literal reading of the GDPR

      This is both a ballsy, and utterly stupid argument. The kind of argument that well-paid lawyers will make in order to keep getting paid.

    2. In light of this confirmation by the data controller that it does not seek to rely on consent in thiscontext, there can be no dispute that, as a matter of fact, Facebook is not relying on consent as thelawful basis for the processing complained of. It has nonetheless been argued on the Complainant’sbehalf that Facebook must rely on consent, and that Facebook led the Complainant to believe thatit was relying on consent

      Here Helen bitchslaps Max by noting that despite what they hope and wish for, FB is relying on contract, and not consent.

    3. On this basis, the issues that I will address in this Draft Decision are as follows: Issue 1 – Whether clicking on the “accept” button constitutes or must be considered consentfor the purposes of the GDPR Issue 2 – Reliance on Article 6(1)(b) as a lawful basis for personal data processing Issue 3 – Whether Facebook provided the requisite information on the legal basis forprocessing on foot of Article 6(1)(b) GDPR and whether it did so in a transparent manner.

      Key issues identified in the draft opinion. Compare later if this differs in final.

    4. Data Policy and related materialsometimes, on the contrary, demonstrate an oversupply of very high level, generalised information atthe expense of a more concise and meaningful delivery of the essential information necessary for thedata subject to understand the processing being undertaken and to exercise his/her rights in ameaningful way. Furthermore, while Facebook has chosen to provide its transparency information byway of pieces of text, there are other options available, such as the possible incorporation of tables,which might enable Facebook to provide the information required in a clear and concise manner,particularly in the case of an information requirement comprising a number of linked elements. Theimportance of concision cannot be overstated nonetheless. Facebook is entitled to provide additionalinformation to its user above and beyond that required by Article 13 and can provide whateveradditional information it wishes. However, it must first comply with more specific obligations under theGDPR, and then secondly ensure that the additional information does not have the effect of creatinginformation fatigue or otherwise diluting the effective delivery of the statutorily required information.That is simply what the GDPR requires.

      DPC again schools facebook in reality.

    1. As noted by the IE SA, the HTML publication of contact information was not considered necessary by Facebook’s Security Team and was subsequently discontinued117. The EDPB considers that the analysis of the principle of data minimisation (Article 5(1)(c) GDPR) is relevant for the necessity assessment on the basis of Article 6(1)(b) GDPR118. Consequently, the EDPB further finds that such analysis should have complemented the LSA’s assessment on the necessity of the processing for the performance of the contract, with specific regard to the publication of the contact information in the HTML source code on the Instagram website. The EDPB considers that the IE SA could not have concluded that the publication of the contact information of child users in the HTML source code may be regarded as

      EDPB rightly smacks the IE SA around a bit for generally cocking this all up.