Editor’s Note
This article discusses a landmark €390 million fine imposed on Meta by Ireland’s data privacy regulator, requiring the company to reassess its legal basis for personalized advertising in the EU. The ruling underscores ongoing tensions between tech giants and regulatory frameworks over user data consent.
The fine amounts to 390 million euros and forces Meta to reevaluate its data collection methods.
Ireland’s data privacy regulator has fined Meta 390 million euros ($414 million) for violations in its Facebook and Instagram services, stating that both platforms must reevaluate the legal basis on which they display advertising based on users’ personal data within the European Union.
This decision is one of the most significant issued under the EU’s historic data protection law and creates a new commercial hurdle for the social media giant, which may be forced to make changes to its advertising-based business in the European Union, one of its key markets.
The data privacy law came into effect in 2018, designed to restrict the ability of Facebook and other digital companies to collect user information without their prior consent.
In Meta’s specific case, the issue lies in how the company obtains legal permission from users to collect their data and offer them personalized advertising. The company includes a very lengthy statement in its terms of service agreement, which users must accept before accessing networks like Facebook, Instagram, and WhatsApp. It states that users must allow their data to be used for personalized ads or else they must stop using Meta’s social networks.
The Irish Data Privacy Board, which serves as Meta’s primary regulator in the EU since the company’s European headquarters is in Dublin, has stated that EU authorities have determined that placing legal consent within the terms of service essentially “forces users to accept personalized advertisements, violating the European law known as the General Data Protection Regulation or GDPR.”
The sanction contrasts with regulations in the United States, where there is no federal data privacy law and only a few states like California have taken steps to create rules similar to the EU’s. However, it is assumed that any changes Meta makes as a result of the ruling could affect users in the United States, since many technology companies apply EU rules globally because it is easier to implement them broadly than to tailor them solely for Europe.
The EU ruling is the latest commercial obstacle facing Meta, which was already dealing with a significant drop in advertising revenue due to a change made by Apple in 2021 that gave iPhone users the ability to choose whether advertisers could track their activity or not.
The issue is that if a large number of users choose not to share their data, the move would cut off one of the most valuable parts of Meta’s business, which trades on information about users’ digital history, such as what videos they watch on Instagram or what type of links a person clicks on when browsing their Facebook feed.
Within the European Union, there has been some disagreement on how to enforce the GDPR since 2018. Irish authorities initially ruled that Meta’s use of terms of service to obtain user permission was legally sufficient to comply with the law, but this was overturned by a board composed of representatives from all EU countries.
Meta said in a statement at the time.