Why our colleagues are proud to work for us
Our 30 second video gives an overview of our score for pride at work in the Sunday Times Best Place to Work survey.
Meta, the owners of Facebook, Instagram and WhatsApp, have just been fined €390m euros (£346m) by the Irish Data Protection Commission (“DPC”) for not having an appropriate lawful basis under GDPR for processing personal data in connection with the delivery of its services, including the delivery of personalised advertisements.
Article 6 of the GDPR (which is retained in UK law pursuant to the Data Protection Act 2018) sets out six “lawful bases” for processing personal data. At least one of these must apply in order for the data to be processed lawfully:
In advance of GDPR coming into operation, Meta had changed its terms of service for Facebook and Instagram. Having previously relied on the “consent” lawful basis, Meta now sought to rely on the “contract” lawful basis for most (but not all) of its processing operations. If users wished to continue to have access to Facebook and Instagram following the introduction of GDPR, they were asked to click “I accept” on the updated terms of service and those services would be unavailable if users refused to do so.
Meta considered that, on accepting the updated terms of service, users were entering into a contract with Meta and that, consequently, the processing of a user’s personal data in connection with the delivery of the services was necessary for the performance of the contract (including the provision of personalised services and behavioural advertising).
However, following their investigation, the DPC made the following notable findings:
Meta has made it clear that they will be appealing this decision, which will provide some much-needed guidance on lawful basis of processing personal data in this area. However, as it stands, the DPC’s decision has potentially huge ramifications for Meta’s business model. If it is indeed the case that Meta must now rely on users giving their consent to targeted advertising then under GDPR, users must be able to withdraw that consent at any time. If a large number of users were to do so, then Meta could be subject to huge losses in their advertising revenue on top of the already heavy fine they have received.
This matter highlights the importance of your business:
Contact our offices
Make an enquiry