Meta fined nearly $414M over privacy violations by EU regulators
The Facebook parent company said it would appeal the fines and rulings
Facebook parent Meta Platforms will appeal nearly $414 million in fines imposed by European Union regulators for privacy violations.
The Data Protection Commission (DPC) in Ireland imposed two fines: 210 million Euros ($222.4 million) for breaches of the GDPR relating to its Facebook service and 180 million Euros ($190.6 million) for breaches in relation to its Instagram service. It also banned Mark Zuckerberg's company from forcing users in the bloc to agree to personalized ads. Meta plans an appeal.
Meta Ireland has also been instructed to "bring its data processing operations into compliance within a period of [three months."
A decision in a third case involving its WhatsApp messaging service is expected later this month.
Max Schrems, the Austrian lawyer and privacy activist who filed the complaints, said the ruling could deal a big blow to the company’s profits in the EU, because "people now need to be asked if they want their data to be used for ads or not" and can change their mind at any time."
TECH STOCK BOUNCE PART OF ‘SEASONAL PATTERN’, INVESTORS PIN HOPES ON JANUARY
Meta Platforms
Ticker | Security | Last | Change | Change % |
---|---|---|---|---|
META | META PLATFORMS INC. | 559.14 | -3.95 | -0.70% |
Irish regulators had previously hit Meta with four other fines for data privacy infringements since 2021, totaling more than 900 million Euros ($953 million).
Additionally, in December, EU antitrust officials in Brussels accused Meta of distorting competition in classified ads.
EUROPEAN WATCHDOG FINES META $276M AFTER DATA ‘SCRAPED’ FROM FACEBOOK LEAKED ONLINE
The DPC's latest decisions stem from complaints filed in May 2018 when the bloc’s privacy rules — known as the General Data Protection Regulation (GDPR) —took effect.
When the GDPR took effect, Meta altered the legal basis under which it processes user data by adding a clause to the terms of service for advertisements, effectively forcing users to agree that their data could be used — and violating EU privacy rules. Previously, the company relied on getting informed consent from users to process their personal data to serve them with personalized, or behavioral, ads.
New and existing users were asked to click "I accept" on revised terms of service if they wished to continue to have access to the Facebook and Instagram services.
The complaints against Meta argued that, by making accessibility conditional upon accepting updated terms, Meta Ireland was in fact "forcing" users to consent to the processing of their personal data for behavioral advertising and other personalized services. The complainants argued that this was in breach of the GDPR.
The Irish watchdog initially sided with Meta, but changed its position.
In a final decision, the Irish watchdog said Meta "is not entitled to rely on the ‘contract’ legal basis" to deliver behavioral ads on its popular social media platforms.
FACEBOOK'S PARENT TO SETTLE CAMBRIDGE ANALYTICA CLASS-ACTION CASE
Meta said in blog post that "we strongly believe our approach respects GDPR, and we’re therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines."
The company noted that the decision doesn’t prevent it from displaying personalized ads: it only covers the legal basis for handling user data.
The Associated Press contributed to this report.