Facebook, Instagram’s legal basis for personalised ads found in breach of EU law

 

The two decisions published on Wednesday (4 January) are a major setback for the Meta-owned social media as they risk jeopardising the company’s entire business model and come with a hefty fine.

Irish Data Protection Commissioner (DPC) published two decisions related to breaches of the General Data Protection Regulation (GDPR), by Meta’s Facebook and Instagram, resulting in fines totalling €210 million and €180 million respectively.

The decisions concern the legal basis for processing personal data for the purpose of personalised advertising, which sits at the core of the company’s business model. The current legal basis was found incompatible with the EU legislation, and Meta will have three months to find a new one. (...)