Security News > 2023 > January > Ireland fines Meta $414m for using personal data without asking
Updated A legal saga between Meta, Ireland and the European Union has reached a conclusion - at least for now - that forces the social media giant to remove data consent requirements from its terms of service in favor of explicit consent, and subjects it to a few hundred million more euros in fines for the trouble.
The Irish Data Protection Commision said today that it has made a final decision fining Meta's Irish operating arm a combined €390 million for violations of the EU's General Data Protection Regulation, and directing it to "Bring its data processing operations into compliance within a period of 3 months," the DPC said.
The DPC's decision comes after the European Data Protection Board ruled in December to overturn a previous decision from the DPC that allowed Meta to add data use consent into its terms of service, essentially bypassing the EU's GDPR's requirement for explicit consent.
In its statement discussing the decision, the DPC said that it believed Meta wasn't required to rely on consent, but that the EDPB took "a different view" that Meta wasn't entitled to rely on contract obligations as a basis for allowing collection of personal data to serve ads.
According to Schrems, the penalty being paid out by Meta will go to Ireland, "The state that has taken Meta's side and delayed enforcement for more than four years."
"In 10 years of litigation I have never seen a decision only being served to one party, but not the other," Schrems said, adding that the choice makes it look like the DPC and Meta are trying to jointly shape the narrative around the decision.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/01/04/meta_fined_390_for_using/