Meta, Mark Zuckerberg’s company that owns Facebook and Instagram, has already on several occasions aroused the anger of European institutions for its lack of respect for data privacy legislation. After threatening Meta with expulsion a few months ago, the European Union has just fined the company €390 million.
The Irish Data Protection Commission, working for the EU, explained in a statement that Meta had breached “its transparency obligations” and had used the wrong legal basis “for its processing of personal data for the purpose of targeted advertising.”
The total amount comes from two separate fines: one for Facebook, for €210 million, and another for Instagram, for €180 million. A third fine could come for WhatsApp. The privacy group Noyb, which brought the three complaints, had accused Meta of reinterpreting consent “as a mere civil law contract” which does not allow the refusal of targeted advertising.
The decision taken by the European regulator on Wednesday, January 4th, would force Meta to put in place a “yes/no consent option” for the use of its users’ personal data or forfeit the right to use their data for personalised advertising.
Noyb welcomed the decision. “Instead of having a ‘yes/no’ option for personalised ads, Meta had simply moved the consent clause into the terms and conditions. This is not only unfair but clearly illegal,” commented Austrian lawyer Max Schrems, founder of Noyb, in a statement. “We know of no other company that has tried to ignore the GDPR in such an arrogant way,” he added.
The company has three months to comply, but Meta has announced its intention to appeal both on the merits and the fines. In its defence, Zuckerberg’s company argues that there is not enough “regulatory certainty” about data protection. This debate has been going on for a long time, and no satisfactory answer has really been given. The amount of the fines in relation to the profits made by Meta’s platforms might seem paltry, as Meta boasts a net profit of $39.37 billion for 2021. But the fines have been mounting in recent months. The Irish authority, on behalf of the EU, fined Meta €405 million in September for failures in handling the data of minors and €265 million in November for not sufficiently protecting its users’ data. Meta is also at risk of seeing its advertising revenues fall by up to 5-7%.