Latest Meta GDPR fine brings 12-month total to more than €1 billion
Meta was issued with two hefty GDPR fines for “forcing” users to consent to data processing
Meta’s latest fines bring the total penalties incurred by the tech giant to more than €1 billion over the last 12 months.
On Wednesday 4 January, Ireland’s Data Protection Commission (DPC) imposed two sizeable fines on the social media giant totalling €390 million for GDPR violations.
A lengthy probe by the data protection watchdog found that Meta’s use of data across its Facebook and Instagram platforms was unlawful.
The DPC investigation was launched following complaints made by privacy campaigner Max Schrems in 2018. The complaint argued that, in order to comply with the newly-implemented regulations, both platforms requested users click “I accept” to confirm they agreed to updated conditions for ad targeting purposes.
According to the DPC, this meant the social media company had “forced” user consent to data processing unless they left the social media platforms, resulting in a breach of privacy regulations.
An initial fine of €210 million was issued for GDPR violations on Facebook, the DPC said, while a second €180 million fine was also related to breaches by Instagram.
In a ruling on Wednesday, the DPC said that Meta must also bring its data processing operations in line with GDPR requirements within three months.
Meta said it plans to appeal the ruling, and told CNBC that the decision will not result in a ban on personalised advertising on Meta platforms.
“The suggestions that personalised ads can no longer be offered by Meta across Europe unless each user’s agreement has first been sought is incorrect,” a spokesperson for the company said.
“There has been a lack of regulatory clarity on this issue, and the debate among regulators and policymakers around which legal basis is most appropriated in a given situation has been ongoing for some time,” the statement added.
Forrester analyst Stephanie Liu warned that if the ruling stands, however, Meta will likely be forced to “explicitly ask users for consent for behavioural advertising” - or find a workaround.
“It would also need processes, workflows, and capabilities to disable targeted advertising for users who don’t consent while also convincing advertisers that its properties are still worthy of their ad budgets,” Liu added.
Recurring Meta fines
This latest batch of fines marks the climax of a difficult 12 months for the social media giant. Across the past year, Meta has incurred more than €1 billion in fines from European regulators.
In November, the company was fined €265 million by the DPC after a lengthy probe into a damaging data scraping incident.
Six myths of SIEM
Things have changed when it comes to SIEM solutionsFree Download
The 17-month inquiry found that personal data belonging to more than 533 million Facebook users was publicly available online, and had been scraped from the platform over a 15-month period between May 2018 and September 2019.
Two months prior, in September 2022, regulators also imposed a €405 million fine after Instagram was found to have mishandled teenagers’ personal information.
This consistent wave of regulatory crackdowns has prompted the tech giant to set aside a €2bn (£1.7bn) fund to accommodate for penalties expected across 2023, according to reports from the Irish Times.
2023 Strategic roadmap for data security platform convergence
Capitalise on your data and share it securely using consolidated platformsFree Download
The 3D trends report
Presenting one of the most exciting frontiers in visual cultureFree Download
The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana
Cost savings and business benefitsFree Download
Leverage automated APM to accelerate CI/CD and boost application performance
Constant change to meet fast-evolving application functionalityFree Download