Data protection ignored – Facebook group Meta fined €390 million

“Instead of a yes/no option for personalized ads, they simply moved the opt-in clause to the terms and conditions. This is not only unfair, but clearly illegal. We don’t know of any other company that has tried to ignore the General Data Protection Regulation in such an arrogant way,” says Max Schrems, founder of data protection NGO noyb.

In concrete terms, the Facebook group Meta, which also owns the social network Instagram and the messaging service WhatsApp, used personal data to display personalized advertisements.

Other advertisements are still possible
The European Data Protection Board (EDPB) has thereby rejected an earlier draft by the Irish Data Protection Authority (DPC) that considered Meta’s circumvention of the General Data Protection Regulation (GDPR) to be lawful. In the future, the group of users will have to ask for a “yes/no” option for personalized ads. According to noyb, other forms of advertising, such as context-based advertising based on the content of a page, remain possible. However, everyone must now be able to use the apps without personalized advertising.

“This is a serious blow to Meta’s profits in the EU,” said Schrems. The decision creates a level playing field with other companies, which must also obtain user consent. But Noyb expects the company to challenge the verdict in the Irish courts. The chance of winning such an appointment is minimal. If the ruling becomes final, users can take action against the unlawful use of their data in the past 4.5 years.

In November, Meta was fined €265 million in Ireland. At that time there was talk of 910 million euros in the past 14 months.