Facebook investigations by EU Ireland regulator nearing conclusions

The Irish regulator conducting nearly one dozen investigations into Facebook isn’t convinced by Mark Zuckerberg’s privacy push.

The internet giant’s stock fell Wednesday after a report in the Wall Street Journal suggested the Facebook boss has previously been aware of potential issues with privacy, arising from the firm’s business practices.

In a CNBC interview Wednesday, Ireland’s Data Protection Commissioner Helen Dixon said “it’s all going to remain to be seen” whether Facebook and CEO Mark Zuckerberg are serious about a shift toward privacy and security on the platform.

In the meantime, Dixon said Ireland’s Data Protection Commission (DPC) will continue its investigations into Facebook and other U.S. tech giants as they face increased scrutiny by regulators around the world.

“There will certainly be some of the investigations into Facebook that will reach a conclusion in the coming months,” Dixon told CNBC. She added she has met and spoke with “a number of the senior executives at Facebook.”

Asked whether Ireland’s data protection authorities have been in touch with regulators at the Federal Trade Commission (FTC) about a possible Facebook investigation in the U.S., Dixon replied “we’ve had some conversations.”

“We’re all coming at the same issues from the different legal frameworks under which we operate under very similar goals in terms of the outcomes and the changes in behavior that we’re hoping to drive,” she said.

Facebook has faced backlash from politicians and regulators over the past year thanks to a series of privacy scandals and data breaches. CEO Mark Zuckerberg outlined a “privacy-focused” future for the company in March, while the social media said in April it expects to pay the FTC up to $5 billion over violations of a 2011 consent decree.

Facebook said in a statement Wednesday is fully cooperating with the FTC’s investigation and “at no point did Mark or any other Facebook employees knowingly violate the company’s obligations under the FTC consent order.”

Ireland’s DPC is currently conducting 11 investigations into Facebook and its subsidiaries WhatsApp and Instagram. The inquiries range from Facebook receiving users’ consent to notifying authorities of data breaches within a required 72-hour window.

Because many big tech companies have their EU headquarters in Ireland, the Irish DPC supervises the firms under the General Data Protection Regulation (GDPR).

GDPR is an EU-wide privacy law that went into effect one year ago. It aims to give consumers more control over their personal information online, for example by allowing them to access and delete their data. Companies that breach the law can face big fines: up to 4% of global annual revenues or 20 million euros ($22.6 million), whichever is bigger. For Facebook, that could result in a fine of more than $2 billion based on its fiscal year 2018 revenue.

So far, Dixon’s office has yet to levy any fines under GDPR. Dixon said “the fine will come where there are infringements” but added it is also key for tech companies that breach the law to change their behavior and set a precedent for other companies going forward.

“The fines are undoubtedly important but they are only part of the picture,” she said.

In addition to its inquiries into Facebook, Dixon said the DPC has launched a total of 20 investigations into multinational tech companies including Apple, Alphabet’s Google and Twitter. She said she welcomed debate in the U.S. about the influence of big tech companies on everything from online bullying to disinformation and privacy issues.

“I think there is evidence that Cambridge Analytica was a turning point in terms of people understanding the business model around monetization of their personal data and how they can be profile and micro-targeted,” she said.