Ireland’s Data Protection Commission has fined Meta a total of €390 million for various data processing issues that breach the EU’s GDPR. The reason Ireland has gone after Meta is because Meta, like many other tech giants, runs its European operations from the country. Breaches related to Facebook are costing the company €210 million while breaches related to Instagram will cost an additional €180 million.
The fines that Meta has incurred from the DPC are the result of two complaints that were made back in May 2018 on the date when the GDPR came into operation. The two complainants said that Meta forced them to agree to data processing before being allowed to use the services and that they believed this was done in breach of GDPR.
Interestingly, the DPC had to send its draft decisions to peer regulators in the EU/EEA under the GDPR. Initially, the DPC didn’t agree that Meta asking for users to accept new terms was an issue but other regulators did. It was then taken to the European Data Protection Board (EDPB) after no consensus was reached and the EDPB said the peer regulators were correct on the matter and this ruling was binding.
Along with the fines, the DPC has told Meta it must get in line with GDPR within three months. Additionally, the EDPB has told the DPC to launch a new investigation into all of Facebook’s and Instagram’s data processing operations, with a particular focus on personal data.
Meta has penned a blog post in response to the fines by the DPC claiming that it believes its approach follows GDPR rules and is therefore disappointed with the decision and intends to appeal “both the substance of the rulings and the fines”.