Facebook Ireland has set aside €302 million (U.S. $366 million) for possible fines from the Irish Data Protection Commission (DPC) for violations of the General Data Protection Regulation (GDPR).
The Big Tech firm says in its account filing from Dec. 7 with Ireland’s Companies Registration Office that the €302 million relates to “amounts identified for administrative fines arising from various regulatory compliance matters principally under investigation by the relevant data protection supervisory authorities.”
The provision represents the “best estimate” of what the potential liability could be based on “advice from outside legal counsel, regulatory correspondence received to date, and relevant mitigating factors.”
Facebook believes compliance costs and fines could range between €154 million (U.S. $186 million) and €541 million (U.S. $655 million) and expects the matters to be resolved within the next two financial years.
At the end of October, WhatsApp’s Irish unit disclosed in its accounts it had set aside €77.5 million (U.S. $91.8 million) for possible administrative fines arising from long-standing investigations by the Irish DPC into the way the messaging platform shares data with Facebook, its parent company.
In its filing, WhatsApp said the costs of any fine, as well as any compliance-related costs, could be between €35 million and €105 million (U.S. $41.5 million to $124.4 million).
Industry sources widely suggest the Irish DPC will announce its preliminary findings into the case by the end of the year.
Facebook is currently being probed in 11 separate statutory inquiries by the Irish data regulator: eight concern Facebook, two relate to WhatsApp, and one to Instagram.
It is not immediately clear whether the €302 million provision signifies a decision on any particular compliant or whether a decision is actually forthcoming.
Some EU data protection authorities, as well as privacy campaigners and lawyers, have expressed frustration with the slow pace of Ireland’s investigations into the likes of Google, Twitter, and Facebook. The Irish DPC has often defended its progress, however, by pointing out it is the only supervisory authority to conduct cross-border investigations into any Big Tech firm.