Ireland’s Data Protection Commission (DPC) has fined Meta €390 million for breaches at its Facebook and Instagram services and said both must reassess the legal basis on how they run advertising based on personal data in the European Union.
The DPC is Europe’s lead watchdog for Silicon Valley tech firms including Meta which have set up their European headquarters in Ireland.
“The Data Protection Commission (DPC) has today announced the conclusion of two inquiries into the data processing operations of Meta Platforms Ireland Limited (Meta Ireland) in connection with the delivery of its Facebook and Instagram services …” said the DPC.
“Final decisions have now been made by the DPC in which it has fined Meta Ireland €210 million (for breaches of the GDPR relating to its Facebook service), and €180 million (for breaches in relation to its Instagram service).
“Meta Ireland has also been directed to bring its data processing operations into compliance within a period of 3 months.”
The DPC said the inquiries concerned two complaints about the Facebook and Instagram services, each one raising the same basic issues.
One complaint was made by an Austrian data subject in relation to Facebook and the other was made by a Belgian data subject in relation to Instagram.
The complaints were made on 25 May 2018, the date on which the GDPR came into operation.
Meta told Bloomberg that it “strongly disagrees” with the Irish authority’s findings and will appeal.
“These decisions do not prevent targeted or personalized advertising on our platform,” Meta said in an emailed statement. “The decisions relate only to which legal basis Meta uses when offering certain advertising.”