Ireland’s Data Protection Commission (DPC) has fined Meta Platforms €390 million (approximately $414 million) for handling user data to serve personalized ads.
To that end, the privacy regulator has ordered Meta Ireland to pay two fines. A fine of €210 million ($222.5 million) and a fine of €180 million ($191 million) for violations of the EU General Data Protection Regulation (GDPR) related to Facebook. Regarding similar violations on Instagram.
The latest enforcement follows concerns that social media companies have used terms of service to force users to agree to allow targeted advertising based on their online activity. The complaint was filed on his May 25, 2018, when the GDPR came into force in the region.
It also arrives a month after the European Data Protection Board (EDPB), the independent body overseeing the consistent application of the GDPR in the EU, announced that it had reached a binding decision on the matter. .
The DPC ruling means that Meta will no longer be allowed to rely on contracts (i.e., accept terms of service) as the legal basis for processing personal data for behavioral advertising, effectively We consider the company’s advertising practices to be illegal.
“Meta Ireland has no right to rely on a ‘contractual’ legal basis in relation to the delivery of behavioral advertising as part of the Facebook and Instagram services and to date the processing of user data is subject to a ‘contractual The legal basis would be to violate Article 6 of the GDPR,” the DPC said.
Meta argues that tailoring the advertisements it serves based on data about users’ online behavior is a necessary part of the personalized services it offers, but making its data processing operations compliant requires It will take 3 months.
“Instead of providing a yes/no option for personalized ads, we just changed the consent clause in our terms of service,” says Max Schrems of NOYB, the privacy nonprofit that filed the original complaint against Meta. said Mr. “This is not only unfair, it is clearly illegal.”
Meta has already struggled with declining advertising revenue over the past year, partly because Apple changed privacy last year in iOS to require apps to ask for permission before tracking users, but the decision is a no-brainer. It is “disappointed” and “believes its approach respects the GDPR. The company intends to appeal the DPC’s findings.”
“It is important to note that these decisions do not prevent personalized advertising on our platform,” the company noted. It only relates to the legal basis for use.”
The tech giant further characterized the proposal that it can no longer serve personalized ads to European users without opt-in approval as “wrong,” saying it lacked regulatory clarity on the issue. rice field.
These new financial penalties add to last year’s pile of privacy fines against Meta in Europe and the US. At the end of December 2022, he also agreed to pay $725 million to settle a class action lawsuit alleging that the company allowed unauthorized third parties to access user data.
In 2018, a class action lawsuit was filed after Facebook revealed that the information of its 87 million users was improperly shared with British political consultancy Cambridge Analytica.
Apple fined 8 million euros by French CNIL
In a related development, French privacy watchdog Commission nationale de l’informatique et des libertés (CNIL) has accused iPhone users of not obtaining consent before using their IDs to show targeted ads on iOS 14.6. , fined Apple 8 million euros. .
“Furthermore, this possibility was not integrated into the phone’s initialization path, so users had to perform numerous actions to disable this setting,” said the agency.
apple Said The company plans to appeal the lawsuit, noting that it gives users “a clear choice as to whether or not they want personalized ads.” It is said that it depends only on
