Social media giant Meta was slapped Wednesday with fines totalling 390 million euros ($413 million) for breaching EU personal data laws on Facebook and Instagram, Ireland’s data regulator said.
Meta and other US big tech firms have been hit by huge fines over their business practices in the European Union in recent years and the bloc has also tightened online regulation.
The Irish Data Protection Commission said in a statement that Meta breached “its obligations in relation to transparency” and used an incorrect legal basis “for its processing of personal data for the purpose of behavioural advertising”.
The watchdog reached “final decisions” to fine Meta Ireland 210 million euros in relation to Facebook and 180 million euros in relation to Instagram, for violating Europe’s landmark General Data Protection Regulation (GDPR).
The announcement came one month after Europe’s data regulator, the European Data Protection Supervisor (EDPS), imposed binding decisions over the treatment of personal data by the group.
Read This
Russia fines Google $98mn over banned content
Italy’s antitrust regulator fines Amazon over $1.2bn
One of those rulings concerns Meta’s instant messaging division WhatsApp, with Ireland’s DPC due to announce a separate verdict next week.
The internet giant’s European operations are based in Dublin, along with a number of other major global tech companies including Google, Apple and Twitter.
As a result, Ireland’s data protection agency is the lead European regulator responsible for holding them to account.
Regulatory uncertainty
California-based Meta, which is led by Mark Zuckerberg, expressed disappointment with Wednesday’s news and will appeal.
“The debate around legal bases has been ongoing for some time and businesses have faced a lack of regulatory certainty in this area,” it said in a separate statement.
“We strongly believe our approach respects GDPR, and we’re therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines.”
The company also stressed that the decisions “do not prevent targeted or personalised advertising” and relate “only to which legal basis Meta uses when offering certain advertising”.
The latest case follows complaints by privacy campaigning group Noyb that Meta’s three app services failed to meet Europe’s strict data protection rules.
Noyb says they flouted the landmark GDPR that came into force in May 2018 by failing to give users the option of holding back their personal data and blocking targeted advertising.
The campaign group welcomed the Irish regulator’s verdicts.
The Facebook owner has faced a series of massive penalties over its behaviour in recent years.
The DPC hit Meta with a 265-million-euro ($275-million) fine in November after details of more than half a billion users were leaked on a hacking website.
