DP News – Week 23. Facebook Business Tools are investigated by Danish Datatilsynet, EDPB adopts the final version of Guidelines on the calculation of administrative fines.

As a follow up to one of a total of 101 complaints that NOYB had sent to several European data protection authorities in late 2020, Datatilsynet looked into how Boligportal (a rental site in Denmark) used Facebook Business Tools.

As Datatilsynet explains, “Facebook Business Tools are offered by Meta and are tools that can be embedded on a website. When a person visits the website, the tools collect information about e.g. the person’s IP address, that the person has visited the website, time of the visit, other information about e.g. browser and operating system as well as information about other online identifiers that have been collected via cookies”.

On the basis of the information collected, Datatilsynet “could not make a decision about the possible transfer of personal data to the USA”, yet it concluded that “the parties must be considered joint data controllers for the processing of the complainant’s personal data. In this connection, the Danish Data Protection Authority found grounds for expressing serious criticism that Boligportal has not been able to demonstrate a sufficient distribution of roles and responsibilities between Boligportal and Meta Ireland Limited (Meta Ireland) in light of the processing of personal data that took place […]”.

Аs a result, Datatilsynet issued an order to Boligportal “to bring the processing of personal data into compliance with the GDPR”. In particular, this can be done “by clarifying the distribution of roles and responsibilities between Boligportal and Meta Ireland, so that it is clear from the arrangement between the parties whether personal data about website visitors is processed using means or data processors located outside the EU/EEA. Furthermore, it must be stated how the rules on third-country transfers are observed with regard to the processing for which the parties are joint data controllers […]”.

***

On 7th June, after public consultations, the EDPB adopted the final version of Guidelines on the calculation of administrative fines.

As the official press release explains, “the guidelines set out a 5-step methodology, taking into account the number of instances of sanctionable conduct, possibly resulting in multiple infringements; the starting point for the calculation of the fine; aggravating or mitigating factors; legal maximums of fines; and the requirements of effectiveness, dissuasiveness and proportionality.
Following public consultation, an annex was added with a reference table summarising the methodology and two examples of practical application”.