Meta Platforms Ireland Limited – €390,000,000 Fine (Ireland, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Ireland's Data Protection Commission fined Meta €390 million for not being clear about how it uses personal data on Facebook and Instagram. Meta's terms of service required users to agree to data processing, which the DPC found lacked transparency. This decision highlights the importance of clearly explaining data practices to users.
What happened
Meta required users to agree to its terms of service, which included data processing, without clearly explaining the purpose and legal basis.
Who was affected
Users of Facebook and Instagram who were required to agree to terms that included unclear data processing practices.
What the authority found
The Irish Data Protection Commission found Meta violated GDPR transparency rules by not clearly explaining how it processes user data.
Why this matters
This ruling emphasizes the need for companies to be transparent about data processing practices. Businesses should ensure their terms of service clearly explain how user data will be used and on what legal basis.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Irish DPA (DPC) has fined Meta Platforms Ireland Limited EUR 390 million. The DPA has imposed a fine of EUR 210 million for violations related to the provision of its Facebook service and EUR 180 million for violations related to the provision of its Instagram service. The Austrian organization 'None of Your Business' (NOYB) had filed a complaint with the DPA on behalf of two individuals. Meta had updated its terms of service shortly before the GDPR came into force. In its new terms of service, Meta informed its users to click 'Agree and Continue' to indicate their agreement with the new terms of service. This was required for further access to the services. Meta assumed that the acceptance of the updated terms of use constituted a contract between Meta and the user, since the processing of the data would be necessary for the provision as well as the improvement of the services. According to Meta, the data processing was therefore lawful pursuant to Art. 6 (1) b) GDPR. However, the complainant argued that Meta was actually trying to rely on consent as a legal basis for processing users' data. By making the access to its services conditional on users' consent to the updated terms of service, Meta was actually forcing users to consent to the processing of their personal data. Following the investigation, the DPC submitted a draft decision under Art. 60 GDPR to other European supervisory authorities concerned. The DPC found that Meta did not rely on user consent as a legal basis, and did not consider 'coerced consent' in this case. It also did not rule out the possibility that Meta relied on a contractual legal basis. In response, the DPC received objections from different supervisory authorities. However, the DPC found that Meta had breached its transparency obligations under the GDPR, by not clearly explaining to users for what purpose and on what legal basis their personal data would be processed. As no agreement could be reached on the disputed points, the DPC
Related Enforcement Actions (5)
Other enforcement actions involving Meta Platforms Ireland Limited in IE
Fine
€390.0M
Details
Fine Date
4 January 2023
Authority
Data Protection Commission
Fine Amount
€390,000,000
Enforcement Tracker ID
ETid-1543
About this data
Cite as: Cookie Fines. Meta Platforms Ireland Limited - Ireland (2023). Retrieved from cookiefines.eu
Last updated: