LONDON — European Union regulators on Wednesday hit Facebook’s parent company Meta with hundreds of millions of dollars in fines for privacy violations and barred the company from forcing users in the 27-nation bloc to agree with personalized ads based on their online activity.
Ireland’s Data Protection Commission has imposed two fines totaling 390 million euros ($414 million) in its decision in two cases that could shake the business model of targeting users. of Meta with ads based on what they do online. The company said it would appeal.
A decision in the third case regarding Meta’s WhatsApp messaging service is expected to be made later this month.
Meta and other big Tech companies have come under pressure from the European Union’s privacy rules, some of the strictest in the world. Irish regulators have fined Meta four other fines for data privacy breaches since 2021 totaling more than 900 million euros, and there are another set of open lawsuits against several companies in the Valley. Silicon Valley.
Meta also faces regulatory headaches from EU antitrust officials in Brussels flexing their muscles against the tech giants: Last month, they accused the company of squeezing distort competition in classified ads.
Ireland’s watchdog — Meta’s leading European data privacy regulator because of its regional headquarters in Dublin — fined the company €210 million for breaching data privacy rules of the EU related to Facebook and an additional 180 million euros for violations related to Instagram.
The decision stems from complaints filed in May 2018 when the 27-nation bloc’s privacy rules, known as the General Data Protection Regulation, or GDPR, went into effect.
Previously, Meta relied on obtaining informed consent from users to process their personal data to provide them with personalized or behavioral advertising, based on what users searched for. search online, websites they visit, or videos they click on.
When GDPR went into effect, the company changed the legal basis under which it processes user data by adding a clause to its terms of service for advertising, forcing users to agree that their data they can be used. That violates EU privacy rules.
The Irish watchdog initially sided with Meta but changed its position after its draft decision was sent to the EU’s data protection regulatory council, many of whom opposed it.
In its final decision, the Irish watchdog said Meta “has no right to rely on ‘contractual’ legal grounds” for the distribution of behavioral ads on Facebook and Instagram.
Meta said in a statement that “we strongly believe that our approach respects the GDPR, and as such, we are disappointed by these decisions and intend to appeal both the content of the ruling and fines.”
Meta has three months to ensure the company’s “processing activities” comply with EU rules, although the ruling does not specify what the company must do. personalized advertising, it includes only the legal basis for processing user data.
Max Schrems, the Austrian lawyer and privacy activist who filed the complaint, said the ruling could deal a blow to corporate profits in the EU, because “people now need asked if they would like their data to be used for advertising. ” and may change its mind at any time.
“This decision also ensures a level playing field with other advertisers who also require opt-in consent,” he said.
Making changes to decision compliance can add to the costs for a company facing increasing business challenges. Meta reported falling revenue for two straight quarters as ad sales fell due to competition from TikTok, and it laid off 11,000 workers amid a troubled tech industry.