Irish DPC Penalized Meta on Ads

The Irish Data Protection Commission has fined Meta $414 million for its management of user data for distributing personalized ads.

The fines include one for violations of the E.U. GDPR in relation to Facebook, and another for violations of the same nature in Instagram. Meta Ireland has also been informed to bring its data processing operations into compliance within a period of three months.

Concerns that the social media business used its Terms of Service to tricks users into allowing targeted advertising based on their online activities led to the current situation.

Meta Ireland considered that, on accepting the updated Terms of Service, a contract was entered into between Meta Ireland and the user. It is not entitled to rely on the ‘contract’ legal basis in connection with the delivery of behavioral advertising as part of its Facebook and Instagram services, and that its processing of users’ data to date, in purported reliance on the ‘contract’ legal basis, amounts to a contravention of Article 6 of the GDPR.

Meta claims that personalizing the adverts it serves based on data it has about consumers’ online behavior is a basic component of the tailored service it offers. But the complaint against Meta declared that the tactics used by the company were “not just unfair but clearly illegal”.

Meta has already seen a decline in ad revenue over the past year because of Apple‘s privacy changes in iOS last year that require apps to ask for permission before tracking users.

Late last year in December, Meta agreed to pay $725 million to settle a class-action lawsuit accused of providing customer data to third parties without their consent.