The chief privacy authority for the European Union fined Meta Platforms Inc. €390 million ($414 million) for using user data for personalized adverts on its Facebook and Instagram businesses and issued a deadline for the company to put its services into compliance with EU law.
The ruling, which adds a new commercial challenge for the dominant social media company, is one of the most significant decisions made under the historic data privacy law of the European Union.
On Wednesday, the Data Protection Commission of Ireland imposed two separate fines for a combined €210 million for Facebook’s infringement of the EU’s landmark data privacy laws and €180 million for identical offences by Instagram.
Prior to the implementation of the EU’s General Data Protection Regulation in May 2018, Meta made changes to its terms of service, making them only available to users who consented to the processing of their data for the purpose of delivering highly targeted advertising.
The Irish regulator, who claimed the company was “not allowed to use the ‘contract’ legal basis as offering a lawful basis for the processing of personal data,” discovered that Meta was in fact pressuring consumers to agree to these terms.
The Irish authority, which has been criticized for process delays, has been looking into Meta for two years, and the fines reflect the culmination of those investigations. On May 25, 2018, the day the GDPR went into effect in the EU, the DPC started looking into the business.
Firms must adhere to the guidelines set forth by GDPR when handling personal data about individuals. Penalties for companies breaking the guidelines might reach 4% of their yearly global revenues.
The DPC ruled on Wednesday that Meta has three months to bring its data processing processes into compliance. The watchdog serves as the principal regulatory body for Meta and a number of other major American tech companies with headquarters in Ireland.
In response to the decision, Meta said it would file an appeal and believed its methods were compliant with European privacy laws. They firmly think that their strategy complies with GDPR, thus they are upset by these judgements and plan to challenge both the basis of the orders as well as the fines.
These choices do not preclude targeted or customized advertising on our platform, stated Meta. The decisions primarily concern the legal justification that the company employs to provide certain advertising. Advertisers can proceed to use platforms to expand their businesses, access new areas, and attract customers, it said.
Serious Blow to Meta’s Profit
Before, Meta needed the user’s permission to process their data for the purpose of behavioural advertising. However, following the GDPR’s implementation, the organization revised the terms of service for Facebook and Instagram and changed the “contractual necessity” legal justification for processing personal data.
The European Data Protection Board, which manages regulatory action on data protection across the bloc, ruled in December that Meta was not permitted to count on contracts as legal grounds for processing user data for targeted advertisements, thus declaring the firm’s advertising methods unlawful.
Because of a modification made by Apple in 2021 that allowed iPhone users the option to decide whether advertisers might monitor them, Meta is already dealing with a significant decline in advertising revenue. According to a report from Meta last year, Apple’s adjustments will cost the company roughly $10 billion by 2022, and consumer polls indicate that a sizable majority of users have disabled monitoring.