Along with the fine, the DPC told Meta that it must comply with the GDPR within three months.
The Irish Data Protection Commission (DPC) fined Meta a total of 390 million euros due to various data processing problems that violate the EU GDPR. Ireland opposed Meta because the company, like many other tech giants, manages its European operations from the country.
The fines imposed on Meta by the DPC can be traced back to two complaints that were received back in May 2018, the day the GDPR entered into force. The two complainants alleged that Meta forced them to consent to data processing before allowing them to use the services, which they believed was in breach of the GDPR.
It is interesting that, pursuant to the GDPR, the DPC had to send its draft decisions to the equal regulatory authorities of the EU/EEA. The DPC initially disagreed with Meta asking users to accept new terms, but other regulators did. After no consensus was reached, the case was taken to the European Data Protection Board (EDPB), and the EDPB said the co-regulators were right in the case and that the decision is binding.
Along with the fine, the DPC told Meta that it must comply with the GDPR within three months. In addition, the EDPB called on the DPC to launch a new investigation into all data processing operations of Facebook and Instagram, with a particular focus on personal data.
Meta responded to the fines imposed by the DPC in a blog post, stating that it believes its approach complies with GDPR rules, is disappointed by the decision and intends to appeal “both the content of the decisions and the fines”.