According to the Irish Commission for Data Protection, which acts on behalf of the EU, Meta was based on an erroneous legal basis “for its processing of personal data for advertising purposes” targeted.
The Meta group, the Facebook parent company, was inflicted, Wednesday, January 4, two fines of a total amount of 390 million euros for violation of the General Data Protection Regulations (GDPR), announced the Irish Commission for Data Protection (DPC), which acts on behalf of the European Union.
Meta violated “its obligations in terms of transparency” and was based on an erroneous legal basis “for its processing of personal data for targeted advertising purposes, the Irish regulator said in a press release. This sanction follows the adoption, at the beginning of December, of three binding decisions of the European Data Protection Committee (CEPD), the European regulator of the sector. One of them, concerning WhatsApp, was later notified to the DPC and will be the subject of a decision next week.
The association for the defense of privacy Noyb, at the origin of the three complaints against the group, had accused Meta of reinterpreting consent “as a simple contract of civil law”, which does not allow to refuse advertising targeted. In October 2021, the Irish authority had proposed a decision -making project which validated the legal basis used by Facebook and suggested a fine of 26 to 36 million euros for lack of transparency. The National Commission for Data Protection (CNIL) and other regulators had expressed their disagreement with this sanction project.
Meta will call
They had asked the CEPD to judge the dispute; The latter agreed with the question of the legal basis. The Noyb association welcomed a decision on Wednesday which, she believes, will force Meta to set up “an option of consent yes/no” for the use of the personal data of its users, otherwise The company “cannot use their data for personalized advertising”. Meta said herself “disappointed” of decisions and intends to appeal, “both from the bottom and fines”.
“The debate around legal bases” for the processing of personal data “has been going on for some time and companies have faced a lack of regulatory certainties on the issue,” said the company. “These decisions do not prevent targeted or personalized advertising” and “advertisers can continue to use our platforms to reach potential customers, develop their activity and create new markets”, adds.
The Irish authority has already sentenced Meta in September to a fine of 405 million euros for shortcomings in the processing of minors data, and in November to a fine of 265 million euros for not having protected enough user data.