Meta Gets €390 Mln Fine For Data Breaches
Facebook and Instagram parent Meta Platforms has been fined 390 million euros or around $414 million by a major European regulator for breaking EU data rules over ads.
The Irish Data Protection Commission or DPC fined Meta Ireland noting that its policy of using private user data to personalize ads on Facebook and Instagram violated new data protection laws.
The DPC decision follows the conclusion of two inquiries into the data processing operations of Meta Ireland in connection with the delivery of its Facebook and Instagram services.
In a statement, the DPC said it has fined Meta Ireland 210 million euros for breaches of the EU’s General Data Protection Regulation or GDPR relating to its Facebook service, and 180 million euros for breaches in relation to its Instagram service.
Meta has three months to bring its data processing operations into compliance with the privacy laws.
The DPC inquiries followed two complaints about the Facebook and Instagram services that were made on May 25, 2018, the date on which the GDPR came into operation.
An Austrian data subject’s complaint was in relation to Facebook, while a Belgian data subject complained about Instagram.
Following the introduction of the GDPR, existing and new users were asked to click “I accept” to indicate their acceptance of the updated Terms of Service if they wished to continue to have access to the Facebook and Instagram services. The services would not be accessible if users declined to do so.
The complainants argued that, by making the accessibility of its services conditional on users accepting the updated Terms of Service, Meta Ireland was in fact “forcing” them to consent to the processing of their personal data for behavioural advertising and other personalised services. The complainants argued that this was in breach of the GDPR.
The DPC’s latest decisions include findings that Meta Ireland is not entitled to rely on the “contract” legal basis in connection with the delivery of behavioural advertising as part of its Facebook and Instagram services. The company’s processing of users’ data to date, in purported reliance on the “contract” legal basis, amounts to a contravention of Article 6 of the GDPR.
Meanwhile, Meta reportedly said it is disappointed and would appeal, and noted that the decision does not prevent personalised advertising on its platforms.
Source: Read Full Article