Facebook owner Meta will no longer be allowed to use the personal data of its users in Europe for advertising personalization without being asked. This was the decision of the responsible Irish data protection authority DPC. At the same time, the authority imposed a fine of €390 million. According to the DPC, Meta had violated the EU General Data Protection Regulation with its Facebook (fine: €210m) and Instagram (€180m) platforms.
Meta said it was “disappointed” by the ruling and announced it would appeal. Since 2018, the GDPR has regulated under which conditions personal data may be used in the EU. In some cases - for example, when an online store transfers data to a shipping service provider - this can be done without explicit customer consent. After the GDPR came into force in 2018, Facebook – now Meta – declared in its terms of use that playing out personally tailored advertising was part of the service, for which no separate consent was required. This particular interpretation has now been contradicted.
The DPC also demands that Meta change its data processing practices within three months.
