Latest Meta GDPR fine brings 12-month total to more than €1 billion

Meta’s latest fines bring the total penalties incurred by the tech giant to more than €1 billion over the last 12 months.

On Wednesday 4 January, Ireland’s Data Protection Commission (DPC) imposed two sizeable fines on the social media giant totalling €390 million for GDPR violations.

A lengthy probe by the data protection watchdog found that Meta’s use of data across its Facebook and Instagram platforms was unlawful.

The DPC investigation was launched following complaints made by privacy campaigner Max Schrems in 2018. The complaint argued that, in order to comply with the newly-implemented regulations, both platforms requested users click “I accept” to confirm they agreed to updated conditions for ad targeting purposes.

According to the DPC, this meant the social media company had “forced” user consent to data processing unless they left the social media platforms, resulting in a breach of privacy regulations.

An initial fine of €210 million was issued for GDPR violations on Facebook, the DPC said, while a second €180 million fine was also related to breaches by Instagram.

In a ruling on Wednesday, the DPC said that Meta must also bring its data processing operations in line with GDPR requirements within three months.

Meta said it plans to appeal the ruling, and told CNBC that the decision will not result in a ban on personalised advertising on Meta platforms.

“The suggestions that personalised ads can no longer be offered by Meta across Europe unless each user’s agreement has first been sought is incorrect,” a spokesperson for the company said.

“There has been a lack of regulatory clarity on this issue, and the debate among regulators and policymakers around which legal basis is most appropriated in a given situation has been ongoing for some time,” the statement added.

Forrester analyst Stephanie Liu warned that if the ruling stands, however, Meta will likely be forced to “explicitly ask users for consent for behavioural advertising” - or find a workaround.

“It would also need processes, workflows, and capabilities to disable targeted advertising for users who don’t consent while also convincing advertisers that its properties are still worthy of their ad budgets,” Liu added.

Recurring Meta fines

This latest batch of fines marks the climax of a difficult 12 months for the social media giant. Across the past year, Meta has incurred more than €1 billion in fines from European regulators.

In November, the company was fined €265 million by the DPC after a lengthy probe into a damaging data scraping incident.

The 17-month inquiry found that personal data belonging to more than 533 million Facebook users was publicly available online, and had been scraped from the platform over a 15-month period between May 2018 and September 2019.

Two months prior, in September 2022, regulators also imposed a €405 million fine after Instagram was found to have mishandled teenagers’ personal information.

This consistent wave of regulatory crackdowns has prompted the tech giant to set aside a €2bn (£1.7bn) fund to accommodate for penalties expected across 2023, according to reports from the Irish Times.