Meta fined $400m for violating EU privacy law with targeted ads
By Puja Sharma
Data Protection Commission of Ireland imposed a fine of €390 million or $414 million against Meta for violating EU data privacy rules through its Facebook and Instagram services. Despite its disagreement with the DPC ruling, Meta plans to appeal.
A fine of €210 million was imposed by the regulator for breaches of the EU’s General Data Protection Regulation (GDPR) associated with Facebook, and a fine of €180 million for breaches related to Instagram. A three-month compliance period was also directed by the DPC for Meta’s Ireland business.
According to the DPC ruling, Meta Ireland failed to provide users with enough information about how their data was being processed and that it cannot use the ‘contract’ legal basis to advertise on Facebook and Instagram based on behavioral data. In two complaints filed at the time, European users argued that the change amounted to “forced consent,” since they would not be able to use Facebook or Instagram if they refused.
A Meta spokesperson responded that it intends to appeal both the fines imposed and the substance of the rulings. “We strongly believe our approach respects GDPR, and we’re therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines,” the company said in a blog post Wednesday.
Meta also said “there has also been inaccurate speculation and misreporting on what these decisions mean. We want to reassure users and businesses that they can continue to benefit from personalized advertising across the EU through Meta’s platforms.”
According to Meta, GDPR “allows for a range of legal bases under which data can be processed.” To date, the company said, it has relied on a legal basis called “Contractual Necessity” to serve users ads based on their activity on its platforms, subject to their safety and privacy settings.
“We have always been open with regulators and courts about this, and in previous assessments of our services they did not object to the use of Contractual Necessity for this type of activity,” Meta said. “Given that regulators themselves disagreed with each other on this issue up until the final stage of these processes in December, it is hard to understand how we can be criticized for the approach we have taken to date, and therefore we also plan to challenge the size of the fines imposed.”
Angel Maldonado, CEO of Empathy.co said: “The Irish watchdog’s fine on Meta’s crude advertising model finally puts the privacy versus personalisation trade-off to bed – it’s simply unethical and unsustainable. This ruling signals that power is being put back into the hands of consumers, where they will have the autonomy to choose how and when they share their personal information. The DPC makes it clear that highly personalised advertising doesn’t trump the significance of consent and permission. This is their calling to other Big Tech companies such as TikTok, reliant on aggressive data collection practices, that common sense will prevail.
Thanks to the DPC, we are witnessing the establishment of a more transparent and fairer playing field. Such a decision will force all businesses, including retail, that leverage personalised advertising models to review their practices and rethink their data collection principles. The changes required to be made to Meta’s platforms in the coming months is a hugely positive sign for consumers’ digital rights.”
Other Related News
July 16, 2024
Rise in sophisticated attacks, state-level threats, and increased ransom DDoS Incidents
Read MoreJuly 15, 2024