Ireland has imposed two fines on Meta, the parent company of Facebook, for processing personal data of its users in Europe since May 2018: one for 210 million euros for the service it provides through the popular social network and another for 180 million. for Instagram. In addition, the Irish data regulator has given the US tech giant three months to adjust to European regulations. The Dublin decision comes after the council, which includes all European regulators, whether from the European Union or Norway and Iceland, defined its position on these issues and also on WhatsApp, although this decision was half a month late.
The Irish ruling is actually much stricter than the same regulator initially expected. The initial draft suggested a penalty of between 26 million and 38 million, which was finally multiplied by 10 without counting, however, the ruling on WhatsApp, the messaging service. The correction came after the regulator in Ireland, where Meta’s European headquarters is located, submitted its decision to review its European peers and the body that brings them all together, the European Data Protection Board (EDPB, for its English acronym) and ran into a claim from Norway in 2021. Just a year later it was made EDPB changed its position and this led to a change of position in Dublin.
“We are disappointed with these decisions and intend to appeal the rulings and fines,” the company said when the decision was announced.
The resistance of Ireland, the country where all the big US tech companies are located, to being tougher with the Meta speaks to the fact that it refuses to enforce one of the EDPB’s decisions. I’ve tried to order a DPC [siglas del regulador irlandés] To carry out a new investigation covering all data processing operations on Facebook and Instagram and examining the special categories of personal data that may or may not be processed in the course of these operations. […]. The matter may indicate an overreach by the EDPB, and the CPD considers it appropriate to lodge an appeal for annulment before the Court of Justice of the European Union to request annulment.”
The investigation, which, for the time being, ends with these two penalties and the requirement to adapt to the European regulation on data within three months, has been activated after the complaint of an “Austrian citizen” and another “Belgian”. The complainant is Max Schrems, an activist in the protection of personal data in the digital world and founder of the NGO Noyeb, which issued a statement this Wednesday upon learning of the final decision. In it, it stressed that “Meta cannot use personal data for ads based on an alleged contract. Users will have to give their consent, otherwise Meta will not be able to use their data for personal ads,” they explained, explaining the impact of the ruling.
Noyeb’s reference to the “alleged contract” is significant, Ireland’s DPC admits. This same body makes clear in its statement that its interpretation of European data protection regulations was different and, therefore, agreed with Meta that when users give their consent to the use of data, they sign a kind of contract with the company that allowed you to use it to personalize ads. “EDPB took a different view on the issue of ‘legal basis’, keeping in mind that, in principle, Meta Ireland would not have been entitled to invoke the ‘contractual’ legal basis as the legal basis for processing personal data for purposes relating to advertising behaviour,” it explains.
In addition to noting that the failures are “disappointing,” Meta was quick to point out that Wednesday’s known failures do not mean personalized ads are banned. The decisions refer only to the legal basis Meta uses to serve certain advertisements. Advertisers can continue to use our platforms to reach potential customers, grow their business and create new markets.” The company goes so far as to assert that “Decisions do not force the use of consent – [hay] The other legal basis available under the GDPR – for this transaction. The suggestion that Meta can no longer serve personalized ads across Europe unless consent is requested in advance from each user is incorrect.
If the penalty applies to the use of data released by the North American tech company since 2018, it is because on May 25 of that year, a new EU regulation on data protection came into effect. To adapt to it, the company has begun requiring users of its apps to accept updated terms. Otherwise, they will not be served. Since then, Meta interpreted that this acceptance was similar to the conclusion of a contract between itself and the user and that from then on, behavioral advertising could be directed at them.
You can follow country technology in a Facebook s Twitter Or sign up here to receive The weekly newsletter.
