Ireland fines Meta €390m for “forcing” users to accept targeted ads

Ireland’s Data Protection Commission (DPC) has fined Meta €390 million over its handling of user data and “forcing” users to accept the processing of their personal data for targeted ads.

The fines concern two complaints over Meta’s Facebook and Instagram services, filed in 2018, both raising the same issue over Meta’s compliance with the European Union’s (EU’s) data protection laws.

In 2018, the EU’s General Data Protection Regulation (GDPR) came into effect, which set stricter and more robust rules over data processing for sites such as Facebook and Instagram.

Thus, according to the DPC, users using the social media sites were required to accept the new terms of service, which stated that they must agree to the processing of their data, or not be able to use the sites.

The complaints alleged that this counts as “forcing” users to consent to targeted advertising, in breach of the new GDPR rules.

The DPC found that Meta’s updates were not clearly outlined to users, with no clarity as to what data processing operations were being carried out on their personal data.

As well as the fines, DPC has told Meta that it must align with GDPR within three months. Plus, the European Data Protection Board (EDPB) has told the DPC to launch an investigation into Meta and its data processing operations, particularly with personal data.

In response to the fines, Meta has published a blog post stating that it plans to appeal to the substance of the rulings and the fines. The tech giant said it believes that it follows GDPR rules and is disappointed with the decision.