The Meta group, the parent company of Facebook, was fined this Wednesday, January 4, two heavy fines totaling 390 million euros for violation of the European data regulation (RGPD), after two other salty sanctions this fall.
Towards a virtual universe, but with real money
The Irish Data Protection Commission (DPC), a regulator that acts on behalf of the EU, said in a statement that Meta had breached “its obligations in terms of transparency” and relied on an erroneous legal basis “for its processing of personal data for advertising purposes” targeted.
The sequel after the ad
This sanction follows the adoption in early December of three binding decisions by the European Data Protection Board (EDPS), the European regulator for the sector.
The first two concerned offenses related to social networks Facebook, for which the fine amounts to 210 million euros, and Instagram, another subsidiary of Meta, and which is targeted by the remaining 180 million euros.
The third EDPS decision, regarding WhatsApp, was later notified to the Irish regulator and will be the subject of a separate decision next week.
“No other company has tried to ignore GDPR in such an arrogant way”
The privacy association Noyb, which initiated the three complaints against the group, filed on May 25, 2018, the date of entry into force of the GDPR, had accused Meta of reinterpreting the consent “like a simple civil law contract”which does not opt out of targeted advertising.
The sequel after the ad
In October 2021, the Irish authority had originally proposed a draft decision which validated the legal basis used by Facebook and suggested a fine of 26 to 36 million euros for lack of transparency.
Adam McKay: “Facebook is as bad as pollution, nuclear weapons, food preservatives, marketing”
The French Cnil and other regulators had stepped up to the plate in the face of this amount deemed largely insufficient. They had asked the EDPS to judge the dispute, and the latter agreed with them on the question of the legal basis.
“Instead of having a ‘yes/no’ option for personalized ads, (Meta) has simply moved the consent clause into the terms and conditions. This is not only unfair but clearly illegal”commented the Austrian lawyer Max Schrems, founder of Noyb, in a press release.
“We don’t know of any other company that has tried to ignore GDPR in such an arrogant way”he added on Wednesday.
The sequel after the ad
Meta has three months to comply with the law
The Noyb welcomed this Wednesday a decision which, she believes, will force Meta to put in place “a consent option” for the use of the personal data of its users, failing which the company “cannot use their data for personalized advertising”.
Meta has three months to “bring its data processing operations into compliance”, said the DPC in its press release on Wednesday. Meta says to himself ” disappointed “ decisions and announced its intention to appeal, “both of the merits and of the fines”according to a statement sent to AFP.
“The debate around the legal bases” for the processing of personal data “has been going on for some time and companies are facing a lack of regulatory certainty on the issue”says the company.
“These rulings do not prevent targeted or personalized advertising” and “advertisers can continue to use our platforms to reach potential customers, grow their business and create new markets”adds Meta.
The sequel after the ad
A variety of solutions to escape the decision
The company also believes that the DPC does not require it to set up a consent option and says it is evaluating a variety of solutions to change the legal basis for data processing.
A source close to Meta told AFP that the legal basis for “legitimate interest”provided for by the GDPR, was examined by the company.
The Irish Constable has already fined the Californian giant in September for 405 million euros for failures in the processing of minors’ data, and in November to the tune of 265 million euros for not having sufficiently protected the data. of its users.
