Data Protection Commission of Ireland fine A meta-total of €390 million for various data processing issues that violate the EU GDPR. The reason Ireland went after Meta is because Meta, like many other tech giants, runs its European operations from the country. The breaches related to Facebook cost the company 210 million euros while the breaches related to Instagram will cost another 180 million euros.
The fines received by Meta from the DPC are the result of two complaints filed back in May 2018 on the date the GDPR came into effect. The two complainants said that Meta forced them to agree to data processing before being allowed to use the services and that they believe this was done in violation of the GDPR.
Interestingly, the DPC has had to send its draft decisions to fellow EU/EEA regulators under the GDPR. Initially, the DPC did not agree that Meta asking users to accept new terms was a problem, but other regulators did. It was referred to the European Data Protection Board (EDPB) after no agreement was reached and the EDPB said the peer regulators were right on the matter and this ruling is binding.
Along with the fines, the DPC told Meta it must comply with GDPR within three months. In addition, the EDPB told the DPC to open a new investigation into all data processing operations of Facebook and Instagram, with a particular focus on personal data.
Meta wrote a Blog post In response to the DPC’s fines, claiming that it believes that its approach complies with the rules of the GDPR and is therefore disappointed by the decision and intends to appeal “both the substance of the ruling and the fines”.