top of page
  • Prof. Lamdan

Social Media Privacy and the GDPR

The GDPR has given European regulators the power to investigate data controllers and processors, and to enforce regulatory penalties when they violate GDPR requirements. (Article 4 of the GDPR defines controllers, processors, and other GDPR terms.)


In late 2022, the Irish Data Protection Commission (DPC) concluded an inquiry into Meta Platforms Ireland Limited (MPIL), the data controller of the “Facebook” social media network, and imposed a fine of €265 million and a range of corrective measures on the company. The DPC found that Facebook Search, Facebook Messenger Contact Importer, and Instagram Contact Importer tools violated Article 25 of the GDPR, which obligates data controllers to implement Data Protection by Design and Default.


Here is a news report on the inquiry: Natasha Lomas, Meta hit with ~$275M GDPR penalty for Facebook data-scraping breach, TechCrunch (Nov. 28, 2022).


Here is the Final Decision published by the Irish Data Protection Commission.


Here are a few questions to keep in mind while looking through this material:

  • How could decisions like this one change how social media and other platforms collect and use our data, even beyond the EU?

  • How would similar laws in the U.S. change the responsibilities and limitations of social media platforms' treatment of our data?

  • From a legal writing perspective, compare the TechCrunch news report to the Final Decision. Why are they so different, even though they are conveying the same legal conclusions? Who are the audiences for each piece, and what are the goals of each piece?


0 views0 comments

Recent Posts

See All

Before we can even consider how to protect data privacy online, we have to decide who is in charge of protecting data privacy. Data privacy advocates believe that tech companies should create services

This semester, we are going to try something new: drafting proposed legislation. We just read a series of articles about library privacy laws. These laws were passed in the 1970's, long before online

Words matter. A snowflake is not a flurry. A flurry is not a blizzard. A blizzard is not a monsoon. These differences may seem obvious to us because we are accustomed to discussing the weather. But it

bottom of page