On January 4th, the Data Protection Commission of Ireland fined Meta Ireland a total of 390 million euros: 210 million euros for GDPR breaches in relation to its Facebook service and 180 million euros for breaches related to its Instagram service.
The DPC found that Meta’s processing on the basis of “contract” for personalized ads is not GDPR-compliant.
Now everyone is wondering: will Meta platforms change? And how will this affect Facebook personalized ads?
When GDPR came into effect in May 2018, Facebook decided to put a consent clause into their Terms and Conditions.
📌 According to the GDPR, an organization can process personal data if the processing “is necessary for the performance of a contract to which the data subject is party”.
By doing this, consent became part of the contract, and the laws for consent no longer applied, only contractual laws. This also applied to more complex types of processing, such as behavioral advertising.
That’s why NOYB filed three complaints against Facebook, Instagram, and Whatsapp (Meta-owned companies). However, according to Meta, the Irish DPC allowed the company to rely on the basis of contract for their processing activities.
On December 6th, 2022, the European Data Protection Board (EDPB) adopted three dispute resolution decisions concerning Meta and overruled the Irish DPC saying that consent is a separate aspect and users must say yes or no to their data being used.
On January 4th, 2023, the Irish Data Protection Commission issued the final verdict: the processing on the basis of a contract is not GDPR-compliant, and fined Meta €390 million.
First of all, Meta will have to align its data processing activities to the GDPR: to show personalized ads on Facebook and Instagram, Meta will need the users’ explicit consent. The DPC has given Meta three months to comply.
This might change the way Facebook and Instagram work, at least for EU-based users. Ideally, European users should be able to give or reject their consent to the use of their personal data for behavioral advertising, and, if they reject it, be shown a version of the social media platforms without personalized ads.
However, Meta has already announced that they will appeal the decision of the Irish DPC.
The digital advertising industry is one of the biggest industries online and it’s a fact that personalized ads represent a great source of income.
Many businesses rely on Facebook personalized ads because the amount of data that Meta has at its disposal helps them reach their precise target audience. However, the DPC fine demonstrates once again the DPA’s will to regulate the use of personal information for behavioral advertising.
If Meta switches to consent as a legal basis, they will have to show to EU-based users a yes/no option and allow opt-in. And many people will likely refuse to give their consent.
As with the phasing out of third-party cookies, your ads strategy might have to adapt to this new landscape: businesses will have to rely more on zero-party and first-party data, which are data that users voluntarily share with them. This is not necessarily a bad thing, because this type of data is:
thus making your Facebook ads even more effective!
Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.