Declaring Meta’s use of users’ personal data for targeted advertising illegal under the European Union's rules, the Ireland Data Protection Commission (DPC) on January 4 imposed a fine of 390 million euros on the company. The regulator has also asked Meta to legalise its ad-serving practices as per EU’s data protection law General Data Protection Regulation (GDPR) in three months. The DPC's rulings concern two cases filed in 2018, when the GDPR came into force, against Facebook and Instagram by an Austrian and a Belgian user respectively for bypassing user consent and tracking their online behaviour for displaying personalised ads under its contractual terms. The DPC, in consultation with the European Data Protection Board imposed fines in both cases—Facebook (210 million euros) and Instagram (180 million euros). Meta Communications Head, Andy Stone, in a series of tweets, claimed that the “decision does not mandate the use of consent” and "any suggestion personalized ads can no longer be offered by Meta across Europe unless each user’s agreement has first been sought is wrong". Stone stated that Meta will be appealing the substance of the rulings and the fines too adding that, "There is a lack of regulatory certainty in this area and the debate around legal bases related to personalized ads has been ongoing for some time." Key points: Article 6 of the GDPR lays out rules for processing of data and 6(1)(a) of states that consent must be obtained to process a subject’s personal data for one or more specific…
