Your privacy is important to us.
The Hamburg Commissioner for Data Protection and Freedom of Information issued the fine against Facebook in December 2019. It came to their attention through a complaint that Facebook had appointed its Data Protection Officer (DPO) for all EEA subsidiaries in Ireland.
However, Article 37(7) of the GDPR requires a Controller not only to publish the contact details of the DPO but also to communicate them to the relevant supervisory authority. As Facebook had not notified the Hamburg Commissioner it had committed a technical breach.
On the bright side for Facebook, the Hamburg Commissioner stated that Facebook did not appeal the fine and commented that “it is due to Facebook’s professional handling of the infringement that the fine was not significantly higher.”
In the grand scheme of potential fines, the fine levied is low level, however it is a lesson to multinationals that even minor infringements of the GDPR can result in fines and adverse publicity.
This article has been produced for general information purposes and further advice should be sought from a professional advisor. Please contact our Data Protection team at Cleaver Fulton Rankin for further advice or information.