The European Data Protection Board (EDPB) has fined Meta
millions of dollars and told the company to stop serving ads based on personal data.
The EDPB told Meta it must obtain opt-in consent from users for advertising, and rejected the claim by Meta
that its use of personal data is covered by contractual law requirements.
Meta does not currently provide an opt-in option for its users as required by General Data Protection Regulation
(GDPR).
Ireland’s Data Protection Commission announced the ruling on Wednesday, and imposed fines of 390 million euros, or $411 million, saying the company violated EU privacy laws by
saying such ads are necessary to execute contracts with users, according to one report.
Facebook and Instagram have three months to stop
relying on their contracts with users to justify its use of the ads, which are targeted based on a user’s online behavior and activity.
Ireland’s privacy regulator said it issued
its decisions after a board representing all privacy regulators in the bloc last month ordered the Irish regulator to do so, over the Irish regulator’s objections,
Ireland leads
the enforcement of the EU’s GDPR for Meta because the company’s European headquarters are in Dublin, according to The Wall Street Journal.
About one-quarter of
Meta’s $83 billion in advertising revenue for the nine months that ended September 30, came from Europe.
“We strongly believe our approach respects GDPR, and we’re therefore
disappointed by these decisions,” a spokesman told the WSJ.