When Privacy Costs €390 Million: Unpacking Meta’s GDPR Violations

Meta was recently fined €390 million ($425 million) by the European Union’s regulatory authorities for violating the General Data Protection Regulation (GDPR). The verdict was predicated on Meta’s inability to demonstrate that it uses users’ privacy data within reasonable limits for its personalized advertisements.

Although Meta has declared an intention to appeal the decision, it continues to assess the implications of the court’s judgement.

Previously, Meta required users to agree to terms related to personalized advertising before utilizing services such as Facebook, Instagram, or WhatsApp. The EU interpreted this design as an infringement on user freedom. Simultaneously, the requirement to accept the condition of providing personal privacy for advertising was seen as a violation of the GDPR.

From the EU’s perspective, Meta must establish that users willingly agree to provide privacy data in order for it to utilize such data in its advertising operations. However, validating the voluntary provision of personal privacy by users, rather than acquiescence under compulsion, poses a significant challenge.

From Meta’s viewpoint, if users are permitted to independently determine whether they consent to display personalized ads based on their privacy, many will inevitably opt not to provide personal privacy data. This could lead to a reduction in Meta’s revenue generated through advertising on platforms like Facebook.

Prior to this, Apple introduced a feature in iOS 14 enabling users to customize whether they permit the use of their privacy to display more precise ad content. Google subsequently added similar settings in the Android operating system to allow users to control the way ads are displayed, further impacting Meta’s advertising revenue.