Meta Platforms Inc. was hit with €390 million ($414 million) in fines by the European Union’s main privacy watchdog over the way users’ data is used for personalized ads on its Facebook and Instagram units, and given an ultimatum to bring its services in line with EU law.
Meta has three months to ensure the processing of such information complies with EU rules, the Irish Data Protection Commission said in a statement on Wednesday. The regulator slapped Facebook with a €210 million-fine, and Instagram a further €180 million after the watchdog concluded that Meta’s terms of service requiring users to accept personalized ads when signing up to the social media services violated EU rules.
The Irish watchdog found that Meta “is not entitled to rely on the ‘contract’ legal basis in connection with the delivery of behavioral advertising” on Facebook and Instagram, and that its processing of customer data breaches the EU’s General Data Protection Regulation, or GDPR.
The Irish authority is the lead watchdog for some of Silicon Valley’s biggest tech firms including Meta which have set up their European headquarters in Ireland. The probes followed complaints in 2018 against Facebook and Instagram which challenged Meta’s new rules requiring users to accept the new ‘contract’ terms if they wanted to access the services.
Wednesday’s decision follows a binding order by the European Data Protection Board, the EU body overseeing national data watchdogs, laying out which way the Irish regulator’s final decision concerning Meta’s units should go.Meta said Wednesday that there’s been a lack of regulatory clarity about the legal basis companies should use for certain adverts and that it “strongly disagrees” with the Irish authority’s findings and will appeal.“These decisions do not prevent targeted or personalized advertising on our platform,” Meta said in an emailed statement. “The decisions relate only to which legal basis Meta uses when offering certain advertising.”
Data watchdogs in Europe saw their powers increased overnight in May 2018, when the GDPR took effect, which gave them the power to levy fines of as much as 4% of a company’s annual sales. The biggest penalties under GDPR so far have been a record €746 million fine for Amazon.com Inc. by Luxembourg regulators, followed by a €405 million fine for Instagram, and a €265 million fine for Meta for failing to prevent a data leak.