Mark Zuckerberg, chief executive of Meta Platforms Inc., left, arrives in federal court in San Jose, California, United States, Tuesday, December 21. 20, 2022.
David Paul Morris | Bloomberg | Getty Images
Facebook parent company Meta On Wednesday, it was hit with a pair of fines totaling more than $400 million as Ireland’s privacy regulator concluded that the company’s advertising and data handling practices breached EU privacy laws.
The Irish Data Protection Commission said Meta should be ordered to pay two fines – the first, a fine of 210 million euros ($222.5 million) for breaching the company’s General Data Protection Regulation. European Union, or GDPR, and the second, a fine of 180 million euros. related to violations of the same law by Instagram.
Combined, the penalties amount to 390 million euros ($414 million).
The fines mark the conclusion of two lengthy investigations into Meta by the Irish regulator, which had been criticized for delays In the process. The DPC began investigating the company on May 25, 2018, the day the EU GDPR came into effect.
The GDPR imposes strict requirements on companies with regard to the processing of personal information. Companies that break the rules face penalties of up to 4% of global annual revenue.
In the decision On Wednesday, the DPC said Meta must bring its data processing operations into compliance within three months. The watchdog is the primary regulator of Meta and several other US tech giants, which are headquartered in Ireland.
Meta, which changed its name from Facebook in 2021, said in a statement Wednesday that it plans to appeal the decision. The decision does not amount to a ban on personalized advertising and companies can continue to use Meta’s platforms to target users with ads, he added.
“The suggestion that personalized ads can no longer be offered by Meta across Europe unless each user’s consent has been first sought is incorrect,” a spokesperson for Meta told CNBC per E-mail.
“There has been a lack of regulatory clarity on this issue, and the debate between regulators and policymakers over which legal basis is most appropriate in a given situation has been going on for some time,” the spokesperson added.
“Therefore, we strongly disagree with the DPC’s final decision and believe that we fully comply with the GDPR in relying on the contractual necessity for behavioral ads given the nature of our services. Accordingly, we will do appeal of the merits of the decision.”
A “hard blow” for Meta’s profits in the EU
Previously, Meta relied on a user’s consent to process their information for behavioral advertising purposes. However, after the GDPR came into effect, the company amended the terms of use of Facebook and Instagram and changed the legal basis on which it processes this information to something called “contractual necessity”.
That same year, Max Schrems, an Austrian privacy activist, filed a lawsuit alleging that the change required users to agree to the processing of their information for ad targeting in exchange for using the platforms.
Schrems, in a statement Wednesday, said the DPC’s decision on Wednesday meant Meta would have to develop a version of its apps that doesn’t use personal data for advertising purposes within three months.
He added that Meta would still be allowed to ask users to consent to ads with a “yes/no” option.
“It’s a blow to Meta’s earnings in the EU,” Schrems said. Users now have to be asked whether they want their data to be used for advertising or not. They must be able to choose “yes or no” and can change their mind at any time. This decision also ensures a level playing field with other advertisers. who must also obtain an opt-in consent. »
In December, the European Data Protection Board, which coordinates data privacy regulatory measures across the bloc, said Meta was prohibited from relying on contracts as a legal basis. for the processing of user data for targeted advertising, effectively deeming the company’s advertising practices illegal. . .
Following the decision, the DPC said it had concluded that Meta was “not permitted to rely on the legal basis of ‘contract’ in connection with the delivery of behavioral advertising as part of its services. Facebook and Instagram, and that its processing of user data to date, allegedly relying on the legal basis of “contract”, amounts to a violation of Article 6 of the GDPR.”
The fines imposed by the DPC have been significantly increased from those proposed in a draft decision in Octoberin which the regulator proposed a levy of between 28 and 36 million euros.
0 Comments