As a result of the Irish privacy regulator’s finding that the company’s advertising and data handling practises violated the EU’s general privacy law, Facebook’s parent company Meta has been hit with two sets of fines totaling €390 million. A €210 million fine for contravening the EU’s General Data Protection Regulation (GDPR) and a €180 million fine for Instagram’s violations of the GDPR were recommended by the Irish Data Protection Commission on Wednesday, January 4.
According to the Irish DPC, EU authorities found that Meta’s lengthy terms of service agreement effectively forced users to accept personalised ads, in violation of the GDPR, by requesting their consent to collect their data for individualised advertising. It stated that Meta must “come into compliance within three months” with regard to its data processing activities.
The European Data Protection Board, which oversees regulatory action on data privacy across the 27-nation bloc, stated in December that Meta was not permitted to merely rely on contracts as a legal basis for processing user data for targeted advertisements. The DPC decision builds on that statement.
According to the GDPR, cross-border cases must be handled by the data protection authority in the nation where the company is headquartered. As a result, the Irish DPC serves as the primary regulatory body for Meta and several other US tech giants with Ireland-based headquarters.
* To start, this case is especially noteworthy because the Irish DPC started looking into Facebook on May 25, 2018, the day the GDPR went into effect. So, in a way, the case’s outcome supports the central tenet of the EU’s ground-breaking legislation: the individual’s right over her data and the requirement that an individual provide explicit consent before their data can be processed.
Two, according to information from Bloomberg, Meta’s projected profits for 2023 have decreased by almost 50% at the same time as this fine. The much-hyped Metaverse push by the company is failing, and the performance metrics show indications that both users and advertisers are abandoning the platforms (with perhaps the exception of Instagram Reels and messaging platform WhatsApp). And since 2021, when Meta, formerly known as Facebook, changed its name, its stock price has dropped by nearly 60%.
This decision might compel Meta to explicitly ask EU users if they want their data used for personalised advertising or not. In essence, it might imply that Meta would have to obtain “opt-in consent,” much like other advertisers doing business in the EU currently must. After the January 4 decision, Meta released a statement stating that it intended to appeal the decision and that businesses can still target users with ads using Meta’s platforms because it “does not amount to a ban on personalised advertising.”
The blow Apple dealt to Meta’s digital advertising business last year, which made it more difficult for iPhone apps to track users’ online activity, is now compounded by this forced change. According to Meta, Apple’s changes may result in $10 billion in revenue losses in 2022 and may have repercussions for years to come.
The DPC decision follows other regulatory actions that Meta is currently dealing with. In addition to investigating Meta’s proposed acquisition of Within, a developer of virtual reality fitness applications, the US Federal Trade Commission is suing the company for alleged abuse of its “monopoly” in social networking. According to information gathered by the Economist, regulators in the UK ordered Meta to cancel its purchase of Giphy, a company that creates animated images, in October.