Meta started 2023 with GDPR penalties. The investigations of the Irish DPC , the data controller of the European Union, against Instagram and Facebook, members of the Meta application family, have been completed. According to the information in the press release of the DPC , Facebook was fined 210 million euros and Instagram 180 million euros.
DPC’s decision confirms the binding decision of the European Data Protection Board (edpb) last month in the context of complaints that the contractual obligation (Contractual Necessity) does not provide a basis for processing personal data for behavioral advertising .
In addition to this penalty, Meta has to make its data processing processes GDPR compliant within 3 months. Thus, Meta will have to get users’ consent for behavioral ads . Users who do not want to be exposed to behavioral advertisements will not be profiled and these users will not be targeted .
The implementation of the decision by Meta will also deeply affect their revenues in EU countries. The company may therefore consider the option to appeal under EU privacy law. If there is a case of appeal, the implementation of the decision will be delayed for years.
In a blog post he shared, Meta stated that he respects the GDPR, but that personalization is an important and necessary part of the services offered by Instagram and Facebook. However, the company stated that the decision will not prevent the use of personalized advertising . Likewise, Meta emphasized that, within the scope of the decision, obtaining the consent of users for advertising-based data processing cannot be obligatory.