Ireland raid over privacy concerns jilts Facebook Dating

Love was not in the air after Facebook’s poor communication skills relating to its dating service rollout led to the DPC’s raid of its Dublin headquarters. As a direct result, Facebook postponed the European launch of Facebook Dating, originally intended to make its debut on Feb. 13—just in time for Valentine’s Day. The raid occurred Monday, and Facebook postponed the rollout the next day.

While the DPC has historically been known to be kind to Big Tech, Monday’s raid shows the Irish regulator’s willingness to bear its teeth when pushed. The visit represented the first time the regulator carried out such an inspection on a large technology firm under the EU’s new General Data Protection Regulation (GDPR), according to the Wall Street Journal.

Of issue to the DPC was Facebook Ireland’s 10 days’ notice of its intention to roll out its dating service. The DPC said Facebook failed to provide a data protection impact assessment, which is legally required under the GDPR for data processing that is likely to be “high risk” to other people’s personal information.

“We were very concerned that [Feb. 3] was the first that we’d heard from Facebook Ireland about this new feature, considering that it was their intention to roll it out …13 February. Our concerns were further compounded by the fact that no information/documentation was provided to us on 3 February in relation to the Data Protection Impact Assessment (DPIA) or the decision-making processes that were undertaken by Facebook Ireland,” the DPC explained in a statement.

The marketed allure of Facebook Dating is that it combines Facebook users’ interests, events, and groups seamlessly to create dating profiles with optimal convenience: “Facebook Dating makes it easier to find love through what you like. … It takes the work out of creating a dating profile and gives you a more authentic look at who someone is,” Facebook touted in September, when it was first launched in the United States.

Due to the data-heavy nature of the dating service, the completion and submission of a DPIA was unquestionably required. Failure to carry out a DPIA under such circumstances would theoretically leave Facebook open to enforcement action, according to the GDPR. This includes fines of up to $20 million or 4 percent of a company’s annual revenue—whichever is higher. In Facebook’s case, the fine would most certainly fall into the latter category: a 4 percent fine would amount to $2.8 billion. (Statista lists Facebook’s annual revenue in 2019 as $70.7 billion).

However, such a penalty is not likely to befall Facebook. In the course of the Irish regulator’s inspection at Facebook Ireland’s offices, the DPC gathered the appropriate documentation. Plus, the tech company has since taken subsequent steps to kiss and make up with the regulator.

“We are taking a bit more time to make sure the product is ready for the European market. We have worked carefully to create strong privacy safeguards and have shared this information with the IDPC ahead of the European roll out,” Facebook said in a statement.

The new launch date of Facebook Dating in the European Union remains unspecified at this time.