Meta has once again violated European data protection laws and will have to pay more than 400 million dollars in fines: this was decided by the Data Protection Commission (DPC), the Irish GDPR authority. These are two different sanctions, born following violations on Facebook and Instagram reported in 2018.
According to the DPC, the company has violated the transparency obligations imposed by European laws by processing users’ personal data for advertising purposes, failing to fulfill its legal obligations. In detail, we talk about targeted advertising practices without the consent of users: Meta would have added a clause to the terms of advertising that forced users to share their personal data.
Violation of the GDPR: Meta’s response to the allegations
For Meta, the terms of service offered to the user complied with the regulations of the GDPR: The company claims that the data collected from users was necessary to offer personalized services and behavioral advertising. However, the DPC objected to Meta that access to the platforms was conditional on accepting the terms imposed, effectively obliging users to consent to data processing. According to the DPC, this violates the GDPR.
The Irish Commission criticizes the company for the lack of clarity in the terms proposed to the user: the objectives and operations related to personal data were not properly explained. Also, the way the data was handled was not transparent. In addition to this, the Commission discovered some cases where Meta did not respect users’ consent on the use of their personal data: several services were offered without consumers’ approval.
The company has announced that it will appeal following the provision issued by the Irish authorityarguing that the indications of the GDPR are not clear enough on the subject and that, for his part, he considers himself in full compliance with the European regulations on data processing.
The DPC meanwhile requires Meta to develop a version of Facebook and Instagram in which personal data is not used to offer personalized advertising. Furthermore, in the consent list, the company will have to explicitly ask users for permission to use their data for personalized ads.
The Commission’s decision puts Meta on an equal footing with other ad-using companies, for which the option for ads was already explicitly stated. The company faces significant adaptation challenges, as well as enormous reputational risk.
