Meta was fined $410 million (€390 million) for violating EU data protection regulations.
Meta’s request for authorization to use people’s data for advertisements on Facebook and Instagram was illegal, according to the Irish Data Protection Commission (DPC).
The business that owns both sites, Meta, has three months to change how it gathers and uses data to target adverts.
Meta expresses “disappointment” and intends to appeal, stating that the decision does not restrict personalized advertising on its platforms.
According to the authority, Facebook and Instagram cannot “force consent” by compelling users to agree on how their data is treated or leave the platform.
Because Facebook and Instagram have European headquarters in Ireland, the DPC ensures that they comply with EU data protection regulations.
Privacy experts hail the decision as a landmark victory since it demands Meta give users genuine control over how their data is used to target internet advertisements.
It means that Meta will have to change how a crucial part of its business operates.
Advertising will generate more than $118 billion (£97.8 billion) in revenue for the corporation in 2021.
The fine marks the watchdog’s second large penalty in recent months.
In November, the DPC fined €265 million (£228 million) for a data breach that exposed the personal information of hundreds of millions of Facebook users online.
The Irish Times reports that Meta has set aside €2 billion (£1.7 billion) to cover anticipated European fines in 2023.
New legislation, new complaints
In order to comply with GDPR, Facebook and Instagram required users to click “I accept” to confirm that they agreed to update the terms of service, which detailed how personal data will be used in adverts.
Users who refused were unable to access Facebook or Instagram.
According to the complainants, Meta was “forcing” individuals to agree to their data being used in targeted advertisements, which breached the GDPR.
According to Meta’s representatives, Facebook and Instagram are “inherently personalized,” and targeted ads are an “essential and vital element” of how the networks function.
They stated that Meta was not setting an ultimatum to users and that the platforms would be unable to function without using data for advertising.
The DPC, however, decided that this was not the case, and users were obliged to consent.
According to the DPC, Meta also needs to be more honest with users about how and why it uses their data.
However, the decision was reached only after extensive consultation with other European data organizations.
The European Data Protection Board eventually settled this in December.
According to Meta’s officials, the business intends to appeal the amount of the fines imposed “given that authorities disagreed on this matter.”
Instead of requiring customers to accept how the corporation uses data, the corporation argues that it gives them various tools to control how their data is used.
Meta settles Cambridge Analytica scandal
Meta, Facebook’s owner, agreed to pay $725 million (£600 million) to settle legal action related to a data breach linked to political agency Cambridge Analytica late last year.
In the long-running dispute, Facebook was accused of giving other parties, including the British company, access to users’ personal information.
According to lawyers, the proposed payment is the largest in a data privacy class action in the United States.
Meta did not admit wrongdoing and maintained that its privacy standards have been “revamped” over the past three years.
The company argued that the settlement was “in the best interests of our community and stockholders.”
The suit was filed on behalf of a vast proposed class of Facebook users whose personal information was shared with third parties without their knowledge on the social network.
According to the judgment document, the class size is “250-280 million” people, encompassing all Facebook users in the United States from May 24, 2007, through December 22, 2022.
It still needs to be made clear how the claimants will get their share of the settlement.
The settlement hearing is planned for March 2, 2023.
Third-party apps gathering personal information from Facebook users were at the center of the Cambridge Analytica privacy scandal, which was uncovered in 2018.
In 2016, the now-defunct consultancy firm helped Donald Trump’s successful presidential campaign, utilizing personal information from millions of US Facebook accounts for voter profiling and targeting.
The information was obtained without the users’ knowledge from a researcher who had been granted permission by Facebook to install an app on the network that copied data from millions of its users.
Facebook believes that the data of approximately 87 million people was shared improperly with the political consultancy business.
The controversy sparked regulatory inquiries into Facebook’s privacy practices, leading to lawsuits and a high-profile US congressional hearing in which Meta CEO Mark Zuckerberg was grilled.
Facebook agreed to pay $5 billion to settle an FTC probe into its privacy practices in 2019.
Furthermore, the internet giant paid a $100 million settlement to the US Securities and Exchange Commission over allegations that it misled investors about misusing customers’ data.
State attorney general investigations are ongoing, and the business is contesting a legal action brought by Washington, DC, attorney general.