Meta’s been blasted by the EU privacy watchdog for breaching GDPR — now what? | International Association of Digital Marketing Professionals (IADMP)

By Krystal Scanlon

It turns out that Meta has been illegally forcing users to accept personalized ads across Facebook and Instagram for years — at least that’s the case in Europe. Earlier this week, Ireland’s Data Protection Commission (DPC) ruled that the social media giant has been engaging in this practice, even after it changed its terms of use back in 2018. In other words, users must accept Meta’s terms or they can’t use any of its platforms.

The ruling and its consequences could fundamentally change how Meta’s ad business makes money in one of its largest markets going forward.

But before we dig into the hypotheticals, here’s a quick recap of what has actually happened: According to the DPC’s investigations, Meta hasn’t been transparent about how users’ data is collected and used. Buried deep in the tomes that are the terms and conditions for each of Meta’s social platforms are statements that essentially mean someone must either agree to let their data be used to serve them targeted ads or stop using the services altogether. This didn’t sit well with the DPC.

“The DPC considered that a lack of transparency on such fundamental matters contravened Articles 12 and 13(1)(c) of the GDPR,” stated the regulator. “It also considered that it amounted to a breach of Article 5(1)(a), which enshrines the principle that users’ personal data must be processed lawfully, fairly and in a transparent manner.”

It’s further evidence of the law catching up with (and coming down upon) all the players in the behavioral advertising ecosystem.

So what now?

Meta has been ordered to pay a hefty fine of €390 million ($412 million), of which €210 million ($222 million) relates to Facebook, while the remaining €180 million ($190 million) relates to Instagram.

All told, a fine like this is like a parking ticket for the likes of Meta. The real issue is what happens next. The DPC stated Meta Ireland has three months to sort out its data operations so they comply with the GDPR going forward. However, it hasn’t specified what Meta must do to rectify the situation — leaving many curious about what road the social media giant might take.

Cue a lot of speculation as to whether the jig is finally up for Meta in one of its biggest markets. Last fall, Meta reported it had around 408 million users in Europe.

Nigel Jones, director of The Privacy Compliance Hub, said he believes Meta will have to find a legal basis for using customer data to serve up behavioral advertising and be completely transparent about it. This is no easy feat for even a company as fleet-footed as Meta.

“It can’t force users to consent and it can’t hide things away in its terms and conditions,” he said. “Therefore, it seems likely Meta is facing a direct choice between arguing that it has a ‘legitimate interest’ in using data in this way, or asking users to freely choose whether they consent to behavioral advertising.”

That second option is easier said than done.

Russell Howe, vp …read more

Source:: Digiday