Meta Inc Is Fined for Privacy Breaches For Targeted Ads

Facebook’s parent company Meta Inc might have to overhaul one of its primary sources of revenue after a decision held by the Irish Data Protection Commission (DPC) found the company had violated EU data privacy laws. 

The DPC gave the company two separate fines totaling €390 million after the European Data Protection Board (EDPB) intervened and held that the company's advertising model breached the EU's General Data Protection Regulation (GDPR). 

Meta responded by stating that they believe their approach is in line with the GDPR and that they would appeal the ruling. Both decisions stem from complaints filed by Austrian activist Max Schrems, who argued that the company broke the law by creating a consent clause in their terms and conditions rather than giving Facebook and Instagram users a yes/no option for personalised targeted ads. 

Previously, before the GDPR took effect in May 2018, Meta relied on informed consent from users so that they could process their data and offer them personalised ads based on their search history and usage. However, the company changed this model after the GDPR came into force in 2018 and created a clause within their terms of services which meant that their services were only accessible if users agreed to their data being processed for highly targeted advertising. 

What Do Our Experts Say About Meta’s Privacy Breaches?

This outcome sends a strong message to other companies within the industry that data processing methods face scrutiny across the EU particularly. Failure to comply with data privacy laws can result in fines equaling up to 4% of a company's global turnover.

Meta is not the only big tech company to face repercussions for breaching EU privacy rules. Recently, the French data protection authority, the Commission National de l'Informatique (CNIL), fined Apple €8 million after finding that they collected user data by default without their consent. Users had to take too many steps to deactivate this defaulted privacy setting which meant that consent was too difficult to obtain. 

More recently, CNIL fined TikTok a total of €5 million for similar violations under Article 82 of the 1978 Act on Data Processing, Data Files, and Individual Liberties. TikTok made it too difficult for users to decline cookies by clicking multiple times but made it easy to accept cookies in just one click. 

The Meta fine can be seen as a step towards regulating targeted ads. Social media targeted ads can be seen as concerning in a number of ways, particularly as they bring risk to personal autonomy. They can heavily influence a user’s spending or religious, political, and health behaviours and habits. This is especially dangerous for minors who are not really adequately protected, although many data protection authorities around the world are trying to combat this including Denmark and Ireland. 

How Can Gerrish Legal Help?

Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialise in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property. We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements. 

We are here to help you, get in contact with us today for more information.