The parent company of Facebook and Instagram, Meta, was fined a total of $414 million by Ireland’s Data Protection Commission (DPC) for breaking EU privacy laws.
According to the DPC, Meta unlawfully required users to consent to personalized and targeted advertisements.
As a result, Meta will pay roughly $223 million for breaking Facebook’s privacy policies and about $191 million for its actions on Instagram.
The decision follows two accusations lodged in 2018 that Meta violated the General Data Protection Regulation (GDPR).
The GDPR is a set of regulations that aids in safeguarding the personal data of EU citizens. It allows EU citizens more control over how businesses acquire, use, and share their personal information.
Additionally, the GDPR makes it unlawful for businesses to retain customer information without that customer’s consent.
This ruling emphasizes the significance of abiding by stringent privacy regulations and the penalties businesses may incur if they do not.
What Did Meta Allegedly Do Wrong?
The DPC claims that for customers to continue using their accounts, Meta required them to approve terms of service that, in reality, pushed them to sign new terms and conditions allowing their data to be used for personalized ads.
Additionally, the DPC says that the language used in the terms of service was unclear and did not adequately inform users of how their data was being used.
Meta Disagrees With Ruling
In response to the DPC’s ruling, Meta has announced plans to appeal the decision, stating that it believes its approach to data protection respects GDPR.
The company argues that personalized advertising is a regular aspect of social media and that Facebook and Instagram are inherently personalized.
In a blog post, Meta states:
“Facebook and Instagram are inherently personalised, and we believe that providing each user with their own unique experience – including the ads they see – is a necessary and essential part of that service. To date, we have relied on a legal basis called ‘Contractual Necessity’ to show people behavioural advertisements based on their activities on our platforms, subject to their safety and privacy settings. It would be highly unusual for a social media service not to be tailored to the individual user.”
Despite the decision, Meta says advertisers can continue to utilize personalized advertising campaigns on Instagram and Facebook.
“It’s important to note that these decisions do not prevent personalised advertising on our platform.”
What Happens Now?
Meta has the legal right to appeal the DPC’s ruling and will not be forced to make changes until a final decision is reached in court.
To that end, the DPC didn’t provide specific information about changes Meta has to make to comply with GDPR.
Featured Image: mundissima/Shutterstock