Meta fined 390M euros in latest European privacy crackdown

Meta fined 390M euros in latest European privacy crackdown thumbnail

LONDON — European Union regulators on Wednesday hit Facebook parent Meta with hundreds of millions in fines for privacy violations and banned the company from forcing users in the 27-nation bloc to agree to personalized ads based on their online activity.

Ireland’s Data Protection Commission imposed two fines totaling 390 million euros ($414 million) in its decision in two cases that could shake up Meta’s business model of targeting users with ads based on what they do online. According to the company, it will appeal.

A decision in a third case involving Meta’s WhatsApp messaging service is expected later this month.

Meta has been under severe pressure from the European Union’s privacy rules. These are some of the most stringent in the world. Meta has already been slapped by four additional fines by the Irish regulators for data privacy violations since 2021. These fines total more than 900million euros and there are a host of other cases against other Silicon Valley companies.

Meta is also facing regulatory headaches from EU antitrust officers in Brussels, who are flexing their muscles in the face of tech giants. They accused the company of distorting competition through classified ads.

The Irish watchdog — Meta’s lead European data privacy regulator because its regional headquarters is in Dublin — fined the company 210 million euros for violations of EU data privacy rules involving Facebook and an additional 180 million euros for breaches involving Instagram.

The decision stems from complaints filed in May 2018 when the 27-nation bloc’s privacy rules, known as the General Data Protection Regulation, or GDPR, took effect.

Previously, Meta relied on getting informed consent from users to process their personal data to serve them with personalized, or behavioral, ads, which are based on what users search for online, the websites they visit or the videos they click on.

When GDPR was implemented, Meta changed the legal basis for processing user data. They added a clause in the terms of service to advertise, thereby requiring users to consent to their data being used. This is a violation of EU privacy rules.

The Irish watchdog initially supported Meta, but it changed its position after the draft decision was sent out to a board made up of EU data protection regulators. Many of them objected. In its final decision, the Irish data protection regulator ruled that Meta was not allowed to use the “contract” legal basis to deliver behavioral ads to Instagram and Facebook.

Meta said in a statement that “we strongly believe our approach respects GDPR, and we’re therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines.”

Meta has three months to ensure its “processing operations” comply with the EU rules, though the ruling doesn’t specify what the company has to do. Meta pointed out that although the decision doesn’t prohibit it from showing personalized ads, it does not stop it from doing so. However, the ruling only addresses the legal basis for handling user information.

Max Schrems (an Austrian lawyer and privacy activist) said that the ruling could have a significant impact on the company’s profits in Europe. “People now need to be asked whether they want their data used for ads or no” and can change their mind at anytime.

” The decision also ensures that advertisers who also need opt-in consent are treated equally,” he stated. Making changes to comply to the decision could increase costs for companies already facing increasing business challenges. Meta reported two straight quarters of declining revenue as advertising sales dropped because of competition from TikTok, and it laid off 11,000 workers amid broader tech industry woes.

Read More