Irish regulators on Wednesday hit Facebook parent Meta with hundreds of millions in fines for online privacy violations and banned the company from forcing European users to agree to personalized ads based on their online activity.
Ireland91ÂãÁÄÊÓƵ™s Data Protection Commission imposed two fines totaling 390 million euros ($414 million) in its decision in two cases that could shake up Meta91ÂãÁÄÊÓƵ™s business model targeting users with ads based on what they do online.
The watchdog fined Meta 210 million euros for violations of the European Union91ÂãÁÄÊÓƵ™s strict data privacy rules involving Facebook and an additional 180 million euros for breaches involving Instagram.
It91ÂãÁÄÊÓƵ™s the commission91ÂãÁÄÊÓƵ™s latest punishment for Meta for data privacy infringements, for the company since 2021 that total more than 900 million euros.
The decision stems from complaints filed in May 2018 when the 27-nation EU91ÂãÁÄÊÓƵ™s privacy rules, known as the General Data Protection Regulation, or GDPR, took effect.
Previously, Meta relied on getting informed consent from users to process their personal data to serve them personalized, or behavioral, ads. When GDPR came into force, the company changed the legal basis under which it processes user data by adding a clause to the terms of service for advertisements, effectively forcing users to agree that their data could be used. That violates EU privacy rules.
The Irish watchdog initially sided with Meta but changed its position after the draft decision was sent to a board of EU data protection regulators, many of whom objected.
In its final decision, the Irish watchdog said Meta 91ÂãÁÄÊÓƵœis not entitled to rely on the 91ÂãÁÄÊÓƵ˜contract91ÂãÁÄÊÓƵ™ legal basis to deliver behavioral adverts on Facebook and Instagram.91ÂãÁÄÊÓƵ
Meta said in a statement that 91ÂãÁÄÊÓƵœwe strongly believe our approach respects GDPR, and we91ÂãÁÄÊÓƵ™re therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines.91ÂãÁÄÊÓƵ
The Irish watchdog is Meta91ÂãÁÄÊÓƵ™s lead European data privacy regulator because its regional headquarters is in Dublin.