Belgian Instagram user (represented by noyb - European Centre for Digital Rights) – €180,000,000 Fine (Ireland, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Irish Data Protection Commission fined Meta EUR 180 million for requiring Instagram users to accept terms that forced them to consent to data processing. This was deemed a violation of GDPR rules on consent. The case emphasizes that companies cannot make service access conditional on accepting data processing terms.
What happened
Meta required Instagram users to accept terms that forced consent to data processing, violating GDPR.
Who was affected
Instagram users who were required to accept terms to continue using the service.
What the authority found
The Data Protection Commission ruled that Meta's practice of forcing users to consent to data processing as a condition for using Instagram violated GDPR's consent requirements.
Why this matters
This decision highlights that companies must ensure consent is freely given and cannot be tied to service access. Businesses should review their consent practices to avoid similar violations.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Entities Involved
In order to access Instagram, an online social network service operated in the EU by “Meta IE”, a user was required to provide certain information and accept a series of terms and conditions (the “Terms of Use”). Under the GDPR, Instagram was obliged to have a lawful basis for the processing of personal data of its users. Article 6(1) GDPR details the lawful bases upon which such data can be processed. The company was also obliged to provide detailed information to users at the time their personal data was obtained in relation to, among others, the purposes of any data processing and the legal basis for such processing. To continue to access the Instagram platform, all users were required to accept the updated Terms of Use prior to 25 May 2018, the date the GDPR became applicable. Those existing users who were not willing to accept the new terms were advised of the option to delete their Instagram account. A Belgian Instagram user, the “data subject” and “complainant”, filed a complaint against Meta IE, the controller. The complainant was represented by “noyb – European Centre for Digital Rights”, a privacy NGO based in Austria. The complainant alleged that Meta IE’s data processing practices on the Instagram platform amounted to “forced consent”, and constituted a violation of the GDPR. The complaint, originally filed with the Belgian DPA (APD), advanced a number of grounds upon which the consent of the data subject could not be considered “freely given”. Firstly, there existed a clear imbalance of power between controller and data subject. This is likely to affect the voluntariness of the latter’s consent for the processing of personal data. The complaint alleges that, in this case, the controller undisputedly has a dominant market position in the area of social networking services and, in combination with the “lock in” and “network” effects, the data subject is left with no other realistic alternatives. Secondly, the use of the Instagram service is conditional u
Related Enforcement Actions (0)
No other enforcement actions found for Belgian Instagram user (represented by noyb - European Centre for Digital Rights) in IE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
31 December 2022
Authority
Data Protection Commission
Fine Amount
€180,000,000
GDPRhub ID
gdprhub-5619About this data
Cite as: Cookie Fines. Belgian Instagram user (represented by noyb - European Centre for Digital Rights) - Ireland (2022). Retrieved from cookiefines.eu
Last updated: