On Wednesday, Irish regulators fined Facebook parent Meta hundreds of millions of dollars for violating customers’ internet privacy and barred the firm from requiring European users to consent to tailored ads based on their online behaviour.
In two incidents that might upend Meta’s business model of targeting people with adverts based on what they do online, Ireland’s Data Protection Commission levied two fines totaling 390 million euros ($414 million).
The watchdog penalised Meta 210 million euros for violating Facebook’s rigorous data privacy policies, and another 180 million euros for violating Instagram’s policies.
Following four more fines for the business since 2021 totaling more than 900 million euros, this is the most recent sanction the commission has meted out to Meta for violating data privacy laws.
The General Data Protection Regulation, or GDPR, the privacy laws adopted by the 27-nation EU in May 2018, is what led to the judgement.
In the past, Meta relied on users’ informed consent to process their personal data in order to show them behavioural or tailored adverts. By including a clause in the terms of service for adverts, the company modified the legal basis on which it processes user data when GDPR went into effect, thereby requiring consumers to consent to the use of their data. That goes against EU privacy laws.
Initially siding with Meta, the Irish watchdog then reversed course after the draught ruling was presented to a panel of EU data protection officials, many of whom raised objections.
In its final decision, the Irish watchdog said Meta “is not entitled to rely on the ‘contract’ legal basis to deliver behavioral adverts on Facebook and Instagram.”
Meta said in a statement that “we strongly believe our approach respects GDPR, and we’re therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines.”
Due to the fact that its regional offices are in Dublin, the Irish watchdog is Meta’s primary European data privacy regulator.