LONDON (AP) – European Union (EU) regulators yesterday hit Facebook parent Meta with hundreds of millions in fines for privacy violations and banned the company from forcing users in the 27-nation bloc to agree to personalised ads based on their online activity.
Ireland’s Data Protection Commission imposed two fines totalling EUR390 million (USD414 million) in its decision in two cases that could shake up Meta’s business model of targetting users with ads based on what they do online. The company said it will appeal.
Meta and other Big Tech companies have come under pressure from the EU’s privacy rules, which are some of the world’s strictest. Irish regulators already slapped Meta with four other fines for data privacy infringements since 2021 that total over EUR900 million and have a slew of other open cases against a number of Silicon Valley companies.
Meta also faces regulatory headaches from EU antitrust officials in Brussels flexing their muscles against tech giants: They accused the company last month of distorting competition in classified ads.
The Irish watchdog – Meta’s lead European data privacy regulator because its regional headquarters is in Dublin – fined the company EUR210 million for violations of EU data privacy rules involving Facebook and an additional EUR180 million for breaches involving Instagram.
The decision stems from complaints filed in May 2018 when the 27-nation bloc’s privacy rules, known as the General Data Protection Regulation (GDPR), took effect.
Previously, Meta relied on getting informed consent from users to process their personal data to serve them with personalised, or behavioural, ads, which are based on what users search for online, the websites they visit or the videos they click on.
When GDPR came into force, the company changed the legal basis under which it processes user data by adding a clause to the terms of service for advertisements, effectively forcing users to agree that their data could be used. That violates EU privacy rules.
The Irish watchdog initially sided with Meta but changed its position after its draft decision was sent to a board of EU data protection regulators, many of whom objected.
In its final decision, the Irish watchdog said Meta “is not entitled to rely on the ‘contract’ legal basis” to deliver behavioural ads on Facebook and Instagram.
