Meta Group, the parent company of Facebook, was fined two hefty fines totaling 390 million euros (C$560 million) on Wednesday for breaching European data regulation (GDPR), the Irish regulator said. on behalf of the European Union.
The Irish Data Protection Commission (DPC) clarified in a statement that Meta had breached “its transparency obligations” and was relying on an incorrect legal basis “for its processing of personal data for advertising purposes. » targeted.
This sanction follows the adoption in early December of three binding decisions by the European Data Protection Board (EDPS), the European regulator for the sector. One of them, concerning WhatsApp, was later notified to the DPC and will be decided next week.
The privacy group Noyb, which initiated the three complaints against the group, had accused Meta of reinterpreting consent “as a simple civil law contract”, which does not allow you to opt out of targeted advertising.
In October 2021, the Irish authority had originally proposed a draft decision which validated the legal basis used by Facebook and suggested a fine of 26 to 36 million euros for lack of transparency.
The French Cnil and other regulators had expressed their disagreement with this draft sanction, deemed to be far too weak. They had asked the EDPS to judge the dispute, and the latter agreed with them on the question of the legal basis.
The Noyb association welcomed a decision on Wednesday which it believes will force Meta to implement “a yes / no consent option” for the use of its users’ personal data, failing which the company “cannot use their data for personalized advertising”.
Meta said he was “disappointed” with the decisions and indicated his intention to appeal, “both on the merits and on the fines”, in a statement sent to AFP.
“The debate around the legal bases” for the processing of personal data “has been going on for some time and companies are faced with a lack of regulatory certainty on the issue”, estimates the company.
“These decisions do not preclude targeted or personalized advertising” and “advertisers can continue to use our platforms to reach potential customers, grow their business and create new markets,” adds Meta.
The Irish policeman has already sentenced the Californian giant in September to a fine of 405 million euros ($581 million) for failures in the processing of minors’ data, and in November up to 265 million euros ($380 million $) for not having sufficiently protected the data of its users.