Meta Faces €600 Million Fine in Europe for Possible Data Protection Violations
Meta is facing a new battle in Spain as a coalition of Spanish media demands €600 million in compensation as part of an anti-competition lawsuit against the company, alleging that Meta has repeatedly violated EU data protection rules to dominate the local advertising market.
The group representing 83 Spanish media outlets claims that Meta continued to collect user data without consent, in violation of the EU's General Data Protection Regulation (GDPR) which came into effect in 2018.
According to GDPR, all platforms that use personal data must obtain explicit user consent. However, the group alleges that Meta has failed to do so both in EU countries and wherever they see both platforms acting in violation of laws and maximizing their market dominance.
To comply with GDPR, Meta has worked on various interpretations of the legislation, especially regarding how users can signal their consent.
Back in January, Meta discussed how it was working towards GDPR compliance by rephrasing the requirements of its applications.
According to Meta:
“Facebook and Instagram are fundamentally personalized, and we believe that providing each user with a unique experience, including the ads they see, is an essential and important part of this service. To date, we have relied on a legal basis called 'legitimate interest' to show people behavioral ads based on their actions on our platforms, taking into account their security and privacy settings. It would be highly unusual for a social service not to be tailored to individual users.”
This particular approach seems to be the basis for this new push, as Meta recently acknowledged that it will need to update the legal basis it uses to process “certain data for behavioral advertising.”
This change is intended to address a number of evolving and emerging regulatory requirements in the region, particularly how our lead data protection regulator in the EU, the Irish Data Protection Commission (DPC), now interprets GDPR in light of recent court rulings, as well as expected enforcement of the Digital Markets Act (DMA).
It appears that this element of interpretation has led to a new push from the Spanish media coalition, which claims that it can also apply in any other region where Meta operates.
Meta has not yet commented on the new claim.
The evolving EU rules regarding data have posed serious challenges for all website operators, introducing new requirements for compliance with user consent and permissions for data. In doing so, various major companies have also tried to find loopholes in the system that would allow them to continue offering their services as they always have, without impacting their processes.
Meta's latest trick on this front is a new ad-free subscription package for users in the EU which essentially allows Meta to maintain its core advertising business model while also giving users the option to opt-out if they pay. Meta doesn't actually want users to pay for an ad-free version, but simply offering the option is enough, at least in some legal interpretations, to fulfill these new requirements.
However, this is also being contested as a privacy advocacy group has lodged a complaint with the Austrian Data Protection Authority, claiming that this approach, which essentially forces users to pay for privacy protection, also violates GDPR rules.