Meta is looking at hundreds of millions of euros in fines from European regulators, who say the social media giant used its terms of service to cover for opaque data processing practices.
The Data Protection Commission (DPC), Europe’s online privacy regulator, has announced the conclusion of two inquiries into Meta’s data processing operations relating to delivery of its Facebook and Instagram services.
‘I Accept’
The DPC’s decision addresses complaints from ‘data subjects’ in Austria and Belgium. The plaintiffs said Meta let users access its social platforms only if they accepted terms of service that would give it legal cover to process user data for personalized ad services. In short, a take-it-or-leave-it approach.
The complaints argued that, “by making the accessibility of its services conditional on users accepting the updated Terms of Service, Meta Ireland was in fact ‘forcing’ them to consent to the processing of their personal data for behavioural advertising and other personalised services,” the DPC notes. “The complainants argued that this was in breach of the GDPR.”
Lack of transparency
The DPC sent its draft decisions to peer regulators in the EU and, although they did not all agree, it was eventually established that Meta indeed “acted in contravention of its transparency obligations.”
The DPC’s decision includes findings that Meta’s processing of users’ data in purported reliance on the “contract” binding it and users through the “I Accept” button represented a breach of Article 6 of the GDPR.
In light of an additional infringement of the GDPR, the DPC finally slapped Meta with administrative fines of €210 million (in the case of Facebook) and €180 million (in the case of Instagram).
Meta to appeal the DPC’s decision
For its part, Meta challenged the DPC’s decision within hours, issuing a statement saying, “We strongly believe our approach respects GDPR, and we’re therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines.”
Meta blames the conundrum on a lack of regulatory certainty, stressing that the debate among policymakers around which legal bases are most appropriate in a given situation has been ongoing and is still being discussed in the EU’s highest courts.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.