Italian DPA, Facebook and Cambridge Analytica
Italian DPA’s investigations have shown additional instances of unlawful processing in the Facebook and Cambridge Analytica case.
The Italian Data Protection Authority (Garante per la protezione dei dati personali) is ready to impose sanctions on Facebook in connection with the ‘Cambridge Analytica case’.
Apart from the data transmitted to Cambridge Analytica, the investigation found out that Italian nationals’ data acquired through the ‘Thisisyourdigitallife’ app were processed unlawfully because no appropriate information had been given and no specific consent was obtained. The Garante might initiate a separate proceeding in this regard, which could result in an administrative fine.
Furthermore, the inquiry found a software product called ‘Candidati’ [Candidates] installed on Facebook’s platform, failed to properly inform users of its data-collection practices and purposes. The social media platform shared the information with third parties on the eve of the Italian national elections, including sensitive data like political opinions.
The fact-finding inquiries reveal that Facebook based the data processing in a general consent declaration that was not specified, informed and unambiguous, which is not in line with GDPR requirements.
The Italian DPA reserved the right to sanction due to the unlawful processing activities of personal data. Given that Facebook’s main EU establishment is in Ireland, both Garante and Irish supervisory authority are cooperating in order to take action as appropriate.