Meta’s latest fines bring the total penalties incurred by the tech giant to more than €1 billion over the last 12 months.
On Wednesday 4 January, Ireland’s Data Protection Commission (DPC) imposed two sizeable fines on the social media giant totalling €390 million for GDPR violations.
A lengthy probe by the data protection watchdog found that Meta’s use of data across its Facebook and Instagram platforms was unlawful.
The DPC investigation was launched following complaints made by privacy campaigner Max Schrems in 2018. The complaint argued that, in order to comply with the newly-implemented regulations, both platforms asked users to click “I accept” to confirm they agreed to updated conditions for ad targeting purposes.
According to the DPC, this meant the social media company had “forced” users to consent to data processing unless they left the social media platforms, resulting in a breach of privacy regulations.
An initial fine of €210 million was issued for GDPR violations on Facebook, the DPC said, while a second fine of €180 million related to breaches by Instagram.
In a ruling on Wednesday, the DPC said that Meta must also bring its data processing operations in line with GDPR requirements within three months.
Meta said it plans to appeal the ruling, and told CNBC that the decision will not result in a ban on personalised advertising on Meta platforms.
“The suggestion that personalised ads can no longer be offered by Meta across Europe unless each user’s agreement has first been sought is incorrect,” a spokesperson for the company said.
“There has been a lack of regulatory clarity on this issue, and the debate among regulators and policymakers around which legal basis is most appropriate in a given situation has been ongoing for some time,” the statement added.
Forrester analyst Stephanie Liu warned that if the ruling stands, however, Meta will likely be forced to “explicitly ask users for consent for behavioural advertising” - or find a workaround.
“It would also need processes, workflows, and capabilities to disable targeted advertising for users who don’t consent while also convincing advertisers that its properties are still worthy of their ad budgets,” Liu added.
Recurring Meta fines
This latest batch of fines marks the climax of a difficult 12 months for the social media giant. Across the past year, Meta has incurred more than €1 billion in fines from European regulators.
In November, the company was fined €265 million by the DPC after a lengthy probe into a damaging data scraping incident.
The 17-month inquiry found that personal data belonging to more than 533 million Facebook users was publicly available online, and had been scraped from the platform over a 15-month period between May 2018 and September 2019.
Two months prior, in September 2022, regulators also imposed a €405 million fine after Instagram was found to have mishandled teenagers’ personal information.
This consistent wave of regulatory crackdowns has prompted the tech giant to set aside a €2bn (£1.7bn) fund to cover penalties expected across 2023, according to reports from the Irish Times.
Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.