Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Meta Hit With 390 Million Euro Fine Over EU Data Breaches

Facebook privacy

Facebook privacy

US social media giant Meta was slapped Wednesday with fines totaling 390 million euros ($413 million) for breaching EU personal data laws on Facebook and Instagram, Ireland’s data regulator said.

Meta and other US Big Tech firms have been hit by huge fines over their business practices in the European Union in recent years and the bloc has also tightened online regulation.

The Irish Data Protection Commission said in a statement that Meta breached “its obligations in relation to transparency” and used an incorrect legal basis “for its processing of personal data for the purpose of behavioural advertising”.

The watchdog reached “final decisions” to fine Meta Ireland 210 million euros in relation to Facebook and 180 million euros in relation to Instagram, for violating Europe’s landmark General Data Protection Regulation (GDPR).

The announcement came one month after Europe’s data regulator, the European Data Protection Supervisor (EDPS), imposed binding decisions over the treatment of personal data by the group.

One of those rulings concerns Meta’s instant messaging division WhatsApp, with Ireland’s DPC due to announce a separate verdict next week.

{ Read: Europe’s Hypocrisy Over Personal Data Privacy Exposed }

The internet giant’s European operations are based in Dublin, along with a number of other major global tech companies including Google, Apple and Twitter.

Advertisement. Scroll to continue reading.

As a result, Ireland’s data protection agency is the lead European regulator responsible for holding them to account.

– ‘Regulatory uncertainty’ –

California-based Meta, which is led by Mark Zuckerberg, expressed disappointment with Wednesday’s news and will appeal.

“The debate around legal bases has been ongoing for some time and businesses have faced a lack of regulatory certainty in this area,” it said in a separate statement. 

“We strongly believe our approach respects GDPR, and we’re therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines.”

The company also stressed that the decisions “do not prevent targeted or personalised advertising” and relate “only to which legal basis Meta uses when offering certain advertising”.

{ Read: Has Facebook Sidestepped GDPR’s User Consent Requirements? }

The latest case follows complaints by privacy campaigning group Noyb that Meta’s three app services failed to meet Europe’s strict data protection rules.

Noyb says they flouted the landmark GDPR that came into force in May 2018 by failing to give users the option of holding back their personal data and blocking targeted advertising.

The campaign group welcomed the Irish regulator’s verdicts.

The Facebook owner has faced a series of massive penalties over its behaviour in recent years.

The DPC hit Meta with a 265-million-euro ($275-million) fine in November after details of more than half a billion users were leaked on a hacking website.

That followed a landmark decision by the Irish watchdog to impose a record 405-million-euro fine in September after Meta’s Instagram platform was found to have breached regulations on the handling of children’s data.

In July 2019, Facebook was fined a record $5 billion by the US federal authorities over its privacy controls in the wake of the Cambridge Analytica scandal.

In September 2021, the DPC also fined WhatsApp 225 million euros for failing to comply with its transparency rules for data transfers.

And in France, the CNIL national data watchdog fined Facebook 60 million euros in January 2022 for its use of online “cookies”, the digital trackers used to target advertising.

The latest DPC fines are dwarfed by Meta’s multi-billion-dollar earnings, but the company has been ravaged by a global advertising slump and stagnating user numbers.

Meta said in November that it would axe more than 11,000 staff after profits more than halved to $4.4 billion in the third quarter.

Read: The Potential and Pitfalls of a Federal Privacy Law

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...