Meta was fined a total of 390 million euros ($413.7 million) by the Irish Data Protection Commission – 210 million euros ($222.8 million) for Facebook and 180 million euros ($190.9 million) for Instagram – for breaching European Union (EU) personal data laws.
The Irish data regulator reached a final decision to fine Meta Ireland for violating Europe’s landmark General Data Protection Regulation (GDPR) and said in a statement that the company breached “its obligations in relation to transparency” and used an incorrect legal basis “for its processing of personal data for the purpose of behavioural advertising”.
In essence, Meta was fined for improperly serving personalised ads without what the regulators considered sufficient consent from its users.
There could be another fine on Meta, with the Irish DPC due to announce a separate verdict on its messaging app WhatsApp next week.
Explaining its decision in a statement, the Data Protection Commission said: “Meta Ireland considered that, on accepting the updated Terms of Service, a contract was entered into between Meta Ireland and the user. It also took the position that the processing of users’ data in connection with the delivery of its Facebook and Instagram services was necessary for the performance of that contract, to include the provision of personalised services and behavioural advertising, so that such processing operations were lawful by reference to Article 6(1)(b) of the GDPR (the ‘contract’ legal basis for processing).
“The complainants contended that, contrary to Meta Ireland’s stated position, Meta Ireland was in fact still looking to rely on consent to provide a lawful basis for its processing of users’ data. They argued that, by making the accessibility of its services conditional on users accepting the updated Terms of Service, Meta Ireland was in fact “forcing” them to consent to the processing of their personal data for behavioural advertising and other personalised services. The complainants argued that this was in breach of the GDPR.”
The Mark Zuckerberg-founded Meta said it will appeal.
In a statement, the tech company said: “The debate around legal bases has been ongoing for some time and businesses have faced a lack of regulatory certainty in this area.
“We strongly believe our approach respects GDPR, and we are therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines.”
European Union has hit Meta and other US big tech firms with big fines in recent years.
In November, the DPC hit Meta with a fine of 265 million euro ($275 million) after details of more than half a billion users were leaked on a hacking website. Two months prior to that, the Irish watchdog imposed a record 405 million euro fine after the Instagram platform was found to have breached regulations on the handling of children’s data.
Facebook was also fined a record $5 billion by the US federal authorities in July 2019, over its privacy controls in the wake of the Cambridge Analytica scandal.
In France, Facebook was fined 60 million euros ($63.6) in January 2022 for its use of online cookies, the digital trackers used to target advertising.
Follow us on
