back to article Long data privacy notices aren't foolproof, Euro watchdog tells Meta

Lengthy privacy notices included in a social media platform's terms of service can do little to help it comply with transparency requirements under European law, according to recently revealed documents from a case in which Meta was fined €390 million ($414 million). The documents have been released by noyb, the privacy law …

  1. Potemkine! Silver badge
    Pint

    To Max!

  2. Anonymous Coward
    Anonymous Coward

    > Meta reels from €390 million EU fine

    Really? I'd have thought they could pay that from whatever they found down the back of Zuck's sofa. How many seconds of profit is it again?

  3. pashingsmumpkins

    Client states of data whorehousers be like

    So it's no secret that the Irish govt have a lot to lose in terms of Zuck's financial footprint in the country, therefore is it a surprise that there has been a fair amount of, let's say, 'friction', in bringing the wanton abuse of personal information to account...?

  4. Mike 137 Silver badge

    Surprise, surprise!

    "Lengthy privacy notices included in a social media platform's terms of service can do little to help it comply with transparency requirements under European law"

    The actual requirements are set out in Articles 13 and 14 of the GDPR, and they're very clear and simple. The essential function of these Articles is to ensure that a data subject has enough information about processing to [a] identify whether their wider human rights are being abused by the processing and [b] exercise their statutory rights under the legislation to gain redress.

    Unfortunately, these two Articles not specific as to the presentation of the required information, which allows malefactors to obfuscate said presentation to avoid getting held to account for illicit processing.

    I spent considerable effort in the early days of the GDPR developing a standard presentational framework for the required information that would fulfil the data controllers' obligations to data subjects, and it actually made "privacy notices" shorter, clearer, more consistent and easier to create (if one was playing fair anyway). However, here in the UK anyway, nobody including the regulator was interested. Consequently, practically every privacy notice is grossly non-compliant with the Regulation, in that it fails to assist the data subject in exercising their rights.

    Very sadly, both regulators and independent activist bodies ignore this gross functional non-compliance, concentrating instead on comparatively minor issues such as length or wording. Until the law is [a] actively policed and [b] interpreted by the regulators for enforcement in terms of its intent as opposed to merely its literal expression, nothing will change for the better, but there are indeed signals both from the UK and Europe of moves to weaken its protections rather than enforce them properly.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like