Meta/Facebook was hit with a massive 390 million euro ($414 million) fine by the Irish Data Protection Commission (IDPC), which ruled that the company’s Facebook and Instagram services breached EU privacy regulations. Since 2 different social media platforms were found to be in violation, the fine is split into 2 parts: a 210 million euro ($222.5 million) fine over violations of the European Union’s General Data Protection Regulation (GDPR) made by Facebook and a 180 million euro fine related to breaches of the same law allegedly made by Instagram. But Meta maintains that the new regulations are hard to follow.
The IDPC explained that the complaints against Meta/Facebook were made on 25 May 2018, the date on which the GDPR came into operation. In advance of 25 May 2018, Meta Ireland changed the Terms of Service for its Facebook and Instagram services. It also flagged the fact that it was changing the legal basis on which it relies to legitimize its processing of users’ personal data. (Under Article 6 of the GDPR, data processing is lawful only if and to the extent that it complies with one of six identified legal bases.) Having previously relied on the consent of users to the processing of their personal data in the context of the delivery of Facebook’s and Instagram’s services (including behavioral advertising), Meta Ireland now sought to rely on the “contract” legal basis for most (but not all) of its processing operations.
In a statement, Facebook said, “We strongly believe our approach respects G.D.P.R., and we’re therefore disappointed by these decisions.”
And a Meta spokesperson told CNBC, “The suggestion that personalized ads can no longer be offered by Meta across Europe unless each user’s agreement has first been sought is incorrect.”
The Meta spokesperson also cited what he described as a “lack of regulatory clarity on this issue” as causing the problems and said “the debate among regulators and policymakers around which legal basis is most appropriate in a given situation has been ongoing for some time.”
“That’s why we strongly disagree with the DPC’s final decision,” he added, “and believe we fully comply with GDPR by relying on Contractual Necessity for behavioral ads given the nature of our services. As a result, we will appeal the substance of the decision.”
Facebook/Meta has already taken steps to meet the European regulations, promising users that it has disabled ads on their pages. Many of its users received an email from the company saying, “After a review of your Facebook Account, its access to advertising is now restricted because of inauthentic behavior or violations of our Advertising Policies or Community Guidelines. Any ads connected to this Facebook Account that were running are now disabled.”
The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected. The DPC is the Irish supervisory authority for the General Data Protection Regulation (GDPR), and also has functions and powers related to other important regulatory frameworks including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive.