The third Advent Reading concerning the relationship between Ireland's Data Protection Commission and Facebook, noyb have published Facebook's Record of Processing Activities document. Unfortunately, the document is generic and doesn't explain how Facebook is in compliance with the EU GDPR. Having reviewed the document and after speaking with an expert who has worked on hundreds of ROPA documents before, Max Schrems said, "Facebook's core GDPR compliance document is symptomatic of their ignorance of the law - it only has four pages. Usually such a document would be hundreds of pages. The Irish DPC knows about the lack of documentation since 2018, but did not take action."
Catch up on the previous Advent Readings:
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.