Meta appealing the $400 million penalty for breaching EU privacy laws

Yet another huge fine for Meta for breaking users' privacy for the sake of profits

The Irish Data Protection Commission issued a massive fine for Meta on Wednesday, concluding the lengthy investigations that lasted over four years. The Irish regulator determined that the company had violated EU privacy laws through its advertising and data handling practices.

Meta was forcing users of Instagram and Facebook to agree to provide personal data to be processed for targeted advertising. The company is accused of abusing its size and power in the industry while monetizing users' information. This huge fine of 4 billion shows that big tech companies are in trouble.

The Irish Data Protection Commission has ordered Meta to pay two hefty fines; the first fine of 210 million euros ($222.5 million) is due to violations of GDPR (General Data Protection Regulation), and a second penalty of 180 million euros ($191 million) for breaches from Instagram that also contravened this regulation.

Meta Ireland has also been provided a 3-month timeline to ensure that their data processing operations meet the necessary regulatory standards, which means that Meta would not be able to process users' personal data until the opt-in option becomes available.

Users were forced to accept terms in order to continue using Facebook and Instagram services

The complaints were filed on May 25, 2018, by two independent non-profit organizations from Belgium (in relation to Instagram) and Austria (in relation to Facebook). This date is when General Data Protection Regulation was first implemented in the European Union, essentially allowing parties to push charges.

The changes to terms were made right before the implementation of GDPR:^[1]

In advance of 25 May 2018, Meta Ireland had changed the Terms of Service for its Facebook and Instagram services. It also flagged the fact that it was changing the legal basis on which it relies to legitimise its processing of users’ personal data.

To grant users further access to the Facebook and Instagram services after GDPR was released, existing (and new) users were asked to click “I accept” on their Terms of Service updates. Refusal would deny them entry into these social media platforms.

Meta protests the verdict

In response to the DPC's fine of over $400 million, Meta has released a blog post asserting that its data processing approach for advertisements promotes compliance with GDPR. Furthermore, they are challenging both the decision and fines imposed by appealing it on legal grounds. The blog post added:^[2]

There has also been inaccurate speculation and misreporting on what these decisions mean. We want to reassure users and businesses that they can continue to benefit from personalised advertising across the EU through Meta’s platforms.

Meta argues that the DPC's decisions do not outlaw personalized advertising on its platform, nor does it require consent for ads-based processing. It claims that Facebook and Instagram are “inherently” personalized and that each user should be provided with a “unique” experience, which includes the ads as well.

The numerous fines

Accumulating to the stack of privacy fines already imposed on Meta in Europe from 2021, this new sanction adds an additional €747 million charge for breaching data protection and privacy regulations.

This latest punishment specifically encompassed violations related to Facebook's cookie consent rules; a massive €265 million fine due to its scraping of personal user information; a hefty €405 million fee over Instagram’s infringement against children's privacy rights; as well as various Facebook historical breaches punished with another €17 million penalty.

While Facebook's year-to-year profits have dropped by 21% in 2022, these fines are just a drop in the ocean, considering that the social media platform alone managed to amass $7.5 billion in the first quarter alone.^[3]