Ireland’s Data Protection Commission has concluded investigations into Facebook’s WhatsApp and Twitter over possible breaches of EU data privacy rules, a spokesperson for the agency revealed to CNBC Monday.
The investigations will now move into the decision-making phase, according to Graham Doyle, head of communications for Ireland’s DPC. During this next phase, Ireland’s chief data regulator, Helen Dixon, will issue draft decisions, which are expected to come toward the end of the year.
These would mark Ireland’s first decisions related to U.S. multinational companies since Europe’s privacy law called the General Data Protection Regulation (GDPR) went into effect on May 2018.
In her draft decisions, Dixon will determine the penalty, if any, that either company faces for breaching data privacy rules. Companies can be fined up to 4% of global annual revenues for breaching Europe’s data privacy law called GDPR. For Facebook, that could mean a fine of more than $2 billion based on its fiscal year 2018 revenue.
Because many big tech companies have their EU headquarters in Ireland, the Irish DPC supervises the firms under GDPR. Ireland’s DPC has opened more than a dozen investigations into big tech companies including Facebook, Apple, Google and Twitter.
Doyle said the commission had now concluded its investigation into WhatsApp in a case it opened last year related to transparency. The DPC, according to its annual report, has been examining whether WhatsApp had provided information in a transparent way to users and non-users of the app’s services.
The DPC has also concluded its investigation into Twitter, Doyle said. The investigation was launched in response to a data breach notification it received from Twitter on January 8, 2019.
Commissioner Dixon can now request additional information from Facebook and Twitter in both cases before issuing her decision. Her draft decision will then go to other EU regulators for feedback before a final decision is made.
Facebook and Twitter declined to comment.