Irish regulators on Wednesday hit Facebook parent Meta with hundreds of millions in fines for online privacy violations and banned the company from forcing European users to agree to personalized ads based on their online activity.
Ireland鈥檚 Data Protection Commission imposed two fines totaling 390 million euros ($414 million) in its decision in two cases that could shake up Meta鈥檚 business model targeting users with ads based on what they do online.
The watchdog fined Meta 210 million euros for violations of the European Union鈥檚 strict data privacy rules involving Facebook and an additional 180 million euros for breaches involving Instagram.
It鈥檚 the commission鈥檚 latest punishment for Meta for data privacy infringements, for the company since 2021 that total more than 900 million euros.
The decision stems from complaints filed in May 2018 when the 27-nation EU鈥檚 privacy rules, known as the General Data Protection Regulation, or GDPR, took effect.
Previously, Meta relied on getting informed consent from users to process their personal data to serve them personalized, or behavioral, ads. When GDPR came into force, the company changed the legal basis under which it processes user data by adding a clause to the terms of service for advertisements, effectively forcing users to agree that their data could be used. That violates EU privacy rules.
The Irish watchdog initially sided with Meta but changed its position after the draft decision was sent to a board of EU data protection regulators, many of whom objected.
In its final decision, the Irish watchdog said Meta 鈥渋s not entitled to rely on the 鈥榗ontract鈥 legal basis to deliver behavioral adverts on Facebook and Instagram.鈥
Meta said in a statement that 鈥渨e strongly believe our approach respects GDPR, and we鈥檙e therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines.鈥
The Irish watchdog is Meta鈥檚 lead European data privacy regulator because its regional headquarters is in Dublin.