Dr Johnny Ryan of the ICCL has written to European commissioner Margrethe Vestager that there exists a ‘regime of data anarchy’ at Meta.
The Irish Council for Civil Liberties (ICCL) has declared that Facebook-parent Meta is incapable of complying with EU data protection laws.
In a letter to European Commission vice-president Margrethe Vestager, who is responsible for overseeing the recently passed Digital Markets Act (DMA), ICCL’s Dr Johnny Ryan called out Meta for “a data free-for-all” that makes compliance with the DMA ‘impossible’.
Based on thousands of pages of unsealed documents from an ongoing case against Meta in California, the ICCL was able to reveal what it calls a “regime of data anarchy” in which people responsible for data systems are unaware of how other people in the company use their system.
“These latest revelations show data anarchy inside Meta. It does not know where, how or why data is used internally,” Ryan said separately. “Meta cannot comply with the new EU Digital Markets Act and has failed to uphold its GDPR obligations for years. This is a data free-for-all.”
The letter highlights how, in some cases, even the engineers using systems in Meta may not be able to understand what is happening because, according to on Meta engineer, “it is not possible for humans to understand”.
Newly unsealed court documents reveal data anarchy at @Meta.
We’ve just sent the European Commission @vestager +@ThierryBreton @dreynders new material revealing Meta’s internal data systems
+how Meta infringes the new EU Digital Markets Act + GDPRhttps://t.co/ylwouHVU7N— Johnny Ryan (@johnnyryan) November 17, 2022
Ryan wrote, based on documents from the case, that Meta was unable to respond when ordered to produce information about what 149 different data systems within Meta do and what parts of Meta’s business use them – despite having conducted a year-long investigation of those systems.
He argued that Meta cannot comply with the provisions of the DMA, one of which prohibits Big Tech firms from automatically using data from one part of their business to prop up other parts, because it cannot “distinguish data uses for separate core platform services”.
“Meta’s inability to know and account for how it uses data internally not only makes it impossible to comply with the DMA, but also infringes the GDPR, too,” Ryan went on.
‘Contrary to contestability and fairness’
A senior fellow of the ICCL, Ryan has long been critical of Big Tech in the EU – as well as the Irish Data Protection Commission’s (DPC) handling of GDPR complaints against them.
Ryan told an Oireachtas committee last year that Ireland had become a “bottleneck of GDPR investigation and enforcement” and the Irish DPC has failed to resolve 98pc of cases important enough to be of concern across the EU – a claim disputed by the DPC.
Just last month, Ryan wrote in a letter to the European Ombudsman that the Commission “has produced little to indicate that it has diligently monitored Ireland’s application of the GDPR” at a time when “the fundamental rights of all Europeans hang in the balance”.
In his latest criticism of Meta, Ryan argues that infringements of the GDPR are “contrary to contestability and fairness in the market” and urged the Commission to take certain immediate steps.
“The Commission should obtain from Meta a complete and granular list of each data processing purpose, and all relevant information about its data processing,” he wrote, adding that the latest revelations mean that Meta will meet the test of “systematic non-compliance” in the DMA.
He also urged the Commission to be prepared to impose “structural remedies” on Meta under the DMA – including the possibility of breaking Meta up.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.