Meta hit with $413 million fine in EU for breaking GDPR rules

From ComputerWorld: The Irish Data Protection Commission announced Wednesday that it would fine Meta Ireland a total of $413 million for breaches of the EU’s GDPR (General Data Protection Regulation) related to the company’s handling of personal information on Facebook and Instagram.

Under the GDPR, companies looking to process users’ personal information must do so under one of six identified legal bases, which include the consent of the user, necessity to the performance of a contract, and necessity to comply with a legal obligation. Meta, in response to the original user complaints filed under the GPDR in 2018, stated that it would rely on the “contract” justification, rather than the “consent” prong, as it had previously done. (The complaints argued that, by requiring users to agree to Meta’s use of personal information for ad targeting purposes, the company wasn’t offering users any real choice in the matter.)

The Irish DPC’s initial investigation, that regulator said, didn’t find any fault in the company’s decision, but fined Meta instead for failing to provide a clear explanation of the legal basis required to its users. As part of the procedure required by the GDPR, however, the DPC’s peer organizations reviewed the draft decisions against Meta and argued that the “contract” basis for data processing was legally problematic, saying that the provision of personalized advertising wasn’t necessary, as a matter of law, to the fulfillment of the contract entered into by Meta and its users.

View: Full Article