The Irish Data Protection Commission (DPC) has fined Meta a total of €390 million after finding that it coerced Facebook and Instagram users into consenting to the processing of personal data for the purposes of targeted advertising.
Today’s decision comes after two investigations into Meta’s data processing operations were concluded following complaints deposit by non-profit organization noyb on behalf of Austrian and Belgian users on May 25, 2018, when the EU General Data Protection Regulation (GDPR) Privacy and Data Security Act came into force vigor.
“Having previously relied on users’ consent to the processing of their personal data in the context of providing Facebook and Instagram’s services (including behavioral advertising), Meta Ireland has now sought to rely on the legal basis of the “contract” for most (but not all) of its processing operations”, the Irish data watchdog said.
“If they wished to continue to have access to the Facebook and Instagram services after the introduction of the GDPR, existing (and new) users were asked to click on “I accept” to indicate their acceptance of the updated terms of service. (The Services would not be accessible if users refused to do so).”
The DPC imposed an administrative fine of €210 million on Meta Ireland for breaches of GDPR related to its Facebook service and a fine of €180 million for breaches related to Instagram services.
The DPC also ordered Meta to bring its current data processing operations into compliance with GDPR regulations within the next three months, which means the company will no longer be able to process its users’ personal information for personalized advertising until they engage.
Meta rejects DPC findings and will appeal fines
However, Meta today also issued a statement in response to DPC’s announcement of the €390 million fine, saying its approach is GDPR compliant and attributing the decision to a “lack of regulatory clarity”.
The company added that it would appeal the fines and reassured businesses and users that they could “continue to benefit” from personalized ads on Meta’s platforms across the EU.
“We strongly believe that our approach complies with the GDPR, and so we are disappointed with these rulings and intend to appeal both the merits of the rulings and the fines,” Meta said. said.
“These decisions do not prevent personalized advertising on our platform. Advertisers can continue to use our platforms to reach potential customers, grow their business and create new markets.”
“Facebook and Instagram are inherently personalized, and we believe that providing each user with their own unique experience – including the ads they see – is a necessary and essential part of this service.”
In November, Meta was also fined 265 million euros ($275.5 million) by Ireland’s data watchdog for failing to protect Facebook users’ data from scrapers after data belonging to 533 million was leaked on a hacker forum.