Meta uses user data for personalized advertising and declares this to be part of its offer. Therefore, consent is not necessary. Error, judge Irish data protection officers and prohibit the procedure. However, the authority had to be urged to examine it.
The Facebook group Meta has suffered a serious defeat in court and may now have to reconsider parts of its business model in Europe. In the future, the company may no longer use its users' personal data unsolicited for the personalization of advertising, as the responsible Irish data protection authority DPC has decided. At the same time, it imposed a fine of 390 million euros. The group violated the EU General Data Protection Regulation (GDPR) with its Facebook and Instagram platforms. In a first reaction, Facebook said: "We strongly believe that our approach respects the GDPR and are therefore disappointed with these decisions."
Both cases deal with personalized advertising and the way in which Meta collects and processes personal data from users. 210 million euros are due for the Facebook violation and 180 million euros for Instagram. The Irish regulator has long refrained from taking action against Facebook and Meta after complaints from Facebook customers and data protection activists. In December, the European Data Protection Board overruled the DPC, urging the Irish authority to take firm action against the internet giant.
Since 2018, the GDPR has regulated the conditions under which personal data may be used. In some cases, this can also take place without the explicit consent of the customer, for example if an online shop transfers data to the parcel service provider. After the GDPR came into force, Facebook (today Meta Platforms) included the display of personally tailored advertising in its terms of use Service declared, for which no own consent is necessary. This interpretation has now been dismissed.
The authority concluded that the company then effectively urged its users to accept certain terms, otherwise the services would no longer have been usable for them. The Irish authority also requires Meta to change its data processing practices within three months.
Data protection advocate Max Schrems, who is one of the complainants, criticized Meta's approach: "Instead of having a yes/no option for personalized advertising, they simply moved the consent clause to the general terms and conditions. That's not only unfair, it's clear illegal."
