Meta Fined Over $400 Million for EU Privacy Violations

Meta privacy violations
  • Save

Meta privacy violations
  • Save
Photo Credit: Muhammad Asyfaul

Regulators in Ireland have fined Meta $414 million for EU privacy violations over targeted ads.

A European Union privacy regulator has ruled that Meta can’t use its contracts with Facebook and Instagram users to justify sending them ads based on their online activity. Ireland’s Data Protection Commission also imposed fines on Meta of 390 million euros — $414 million — citing that the company violated EU privacy laws by saying that such ads are necessary to execute contracts with users. Meta has reported disagreeing with the ruling and plans to appeal it and the fines.

While litigation could take years, should the decisions remain, they could mean that Meta will have to allow users to opt out of activity-based ads, which have remained integral to its core business.

Ireland ruled two decisions: one for Facebook and one for Instagram. It gave the company three months to stop relying on its contracts with users to justify its use of “behavioral ads,” targeted based on a user’s online activity. Meta could still seek a stay on implementing the decisions pending its appeal.

Ireland leads enforcement of the EU’s General Data Protection Regulation for Meta, as the company’s European headquarters are in Dublin. The Irish decisions could restrain Meta’s ability to use some of the data it collects on its own apps. 

While the rulings don’t specifically order Meta to seek users’ consent to use their activity data to target their ads, they eliminate the contractual legal justification Meta currently uses to do so. According to privacy lawyers and activists, these decisions leave the company with few other options under EU law to justify targeted ads.

Meta has specified that the decisions don’t prevent personalized advertising on its platforms, and it is evaluating options to continue offering users customized services. The company stated that it rejects the idea that it would have to seek users’ consent as a legal justification under EU law, citing a “lack of regulatory certainty in this area.”

While Meta has long allowed users to opt out of personalizing ads based on data it collects from user activity on other websites and apps, it doesn’t give users any option for opting out of ads based on data about activity on its own platforms, including what posts a users comments on or videos a user watches.

That in-house data is one of Meta’s primary tools for building customized audiences for the personalized ads it sells as part of its core advertising business model. The company raked in $83 billion in advertising revenue for the nine months that ended September 30 — nearly a quarter of which came from Europe.

Privacy regulators in Ireland have now fined Meta nearly $1.4 billion in five different decisions over the past year and a half. The recent decision represents a “warning shot” for digital advertising, as many companies rely on behavioral ads to generate revenue.