The Meta group still sanctioned.
Facebook's parent company was fined two heavy fines totaling 390 million euros on Wednesday for violating the European Data Regulation (GDPR), announced the Irish regulator, which acts on behalf of the European Union.
The Irish Data Protection Commission (DPC) clarified in a statement that Meta had breached “its transparency obligations” and was relying on an incorrect legal basis “for its processing of personal data for advertising purposes. » targeted.
The privacy group Noyb, which initiated the three complaints against the group, had accused Meta of reinterpreting consent "as a simple civil law contract", which does not allow you to opt out of targeted advertising.
Read alsoOur children addicted to TikTok: “The long-term effects on young brains will be dramatic”
The association welcomed this Wednesday a decision which, it believes, will force Meta to set up "a yes/no consent option" for the use of its users' personal data, failing which the company “cannot use their data for personalized advertising”.
Meta said he was "disappointed" with the decisions and indicated his intention to appeal, "both on the merits and on the fines", in a statement sent to AFP.
“The debate around the legal bases” for the processing of personal data “has been going on for some time and companies are faced with a lack of regulatory certainty on the issue”, estimated the company.
"These rulings do not preclude targeted or personalized advertising" and "advertisers can continue to use our platforms to reach potential customers, grow their business and create new markets," Meta added.
Many times condemned
This sanction follows the adoption in early December of three binding decisions by the European Data Protection Board (EDPS), the European regulator for the sector.
One of them, concerning WhatsApp, was later notified to the DPC and will be the subject of a decision next week.
In October 2021, the Irish authority had originally proposed a draft decision which validated the legal basis used by Facebook and suggested a fine of 26 to 36 million euros for lack of transparency.
The French Cnil and other regulators had expressed their disagreement with this sanction project, considered to be much too weak.
They had asked the EDPS to judge the dispute, and the latter agreed with them on the question of the legal basis.
The Irish Constable has already fined the Californian giant in September for 405 million euros for failures in the processing of minors' data, and in November to the tune of 265 million euros for not having sufficiently protected the data. of its users.