Meta is expected to face another large fine after Europe’s data watchdog on Tuesday imposed binding decisions concerning the treatment of personal data by the owner of Facebook, Instagram and WhatsApp.
The European Data Protection Supervisor (EDPS) said in a statement that the rulings concerned Meta’s use of data for targeted advertising, but did not give details or recommend fines.
Authorities in Ireland, where Meta has its European headquarters, have a month to impose the ruling.
Previous interventions by the EDPS have led to large fines on tech platforms, including a 405-million-euro fine on Instagram in September over a breach in the handling of children’s data.
The latest case follows complaints by privacy campaigning group Noyb that Meta’s three apps fail to meet Europe’s strict rules on data protection.
Noyb says they flouted the landmark General Data Protection Regulation (GDPR) that came into force in May 2018 by failing to give users the option of holding back their personal data and blocking targeted advertising.
Facebook argues these are vital to its functioning.
“This is not the final decision and it is too early to speculate,” said a Meta spokesman, adding that EU law left open a possibility for targeted ads.
In October 2021, the Irish Data Protection Authority (DPC) recommended a fine of just 28 to 36 million euros for lack of transparency.
But this was rejected as far too low by France’s CNIL (the National Commission for Technology and Freedoms) and other national watchdogs, who asked the EDPS to investigate the case.
“The EU regulators’ decision, if it is upheld, would have a dramatic impact on Meta’s revenue in Europe,” said Debra Aho Williamson, an analyst at Insider Intelligence.
The decision would be a “kneecapping” of Meta’s ability to sell targeted advertising and given the stakes, Meta will “fight vigorously to defend its business”, she said.
According to the Politico news site, internal documents show that Meta earmarked three billion euros for possible European fines in 2022 and 2023.
As well as the Instagram fine in September, Meta was fined a further 265 million euros last month over a data leak that saw half a billion users’ details published on a hacking website.
That adds to a 60-million-euro fine in France in January over its use of “cookies”, the digital trackers used to target advertising.