Ireland’s Data Protection Commission (DPC) has fined Meta over its handling of user data, following hundreds of millions of dollars in similar fines and potentially putting parts of its ad business at risk. The DPC announced today that Meta must pay €210 million (around $222 million) for violating European Union privacy rules with Facebook’s practices, plus €180 million (around $191 million) over similar violations with Instagram.
The fines stem from two 2018 complaints about how Meta — formerly Facebook — complied with the General Data Protection Regulation (GDPR), which went into effect that year. Both Facebook and Instagram’s terms of service began requiring users to accept a new terms of service contract that included the processing of user data. But the complaints alleged that this amounted to “forcing” them to consent to things like targeted advertising in violation of the new rules.
The DPC found that Meta’s updates had been insufficiently clear, and after consulting with the European Data Protection Board (EDPB), it decided that Meta couldn’t rely on the contract as an absolute defense of its business practices. The EDPB’s guidance also led regulators to increase their planned fines for the company. In addition to the fines, Meta must bring its operations into compliance with the GDPR within three months.
Previous reporting by The Wall Street Journal indicated that Meta could face significant restrictions on its ability to conduct targeted advertising under the new rules. In a blog post, Meta said it intended to appeal the decisions, but it denied that they meant it would have to stop the practice. “These decisions do not prevent personalized advertising on our platform. The decisions relate only to which legal basis Meta uses when offering certain advertising,” it said. “We are assessing a variety of options that will allow us to continue offering a fully personalized service to our users.”
These fines come on top of several previous rulings that Meta violated European regulations. The DPC determined in November that Meta should pay $276 million over a 2021 data leak, in September it issued a $402 million fine for how it handled teens’ Instagram data, and in March it fined the company around $18 million for record-keeping problems.