European Union: Issued EUR 210 million fine to Meta Ireland for Facebook GDPR Violations

On 31 December 2022, the Irish Data Protection Commission (DPC) adopted its ruling in the investigation conducted into Meta Platforms Ireland Limited concerning its service Facebook, a user-generated content platform, for its data processing activities. The DPC fined Facebook EUR 210 million for the identified data protection violations. In its ruling, the DPC directed Meta to change its policies to comply with the transparency data processing obligations within three months. In its investigation, the DPC found that Meta violated the transparency requirements by failing to clearly inform its users regarding its data processing policy and noted that the legal basis used by the company to process the user's personal data was insufficient. The DPC found that Meta did not rely on users' consent to process personal data and relied on a "contract" to give legality to its processing activities, which was found to be insufficient as a legal basis for processing under General Data Protection Regulation.