Total fine in the amount of 390 million euros applied by the Irish Data Protection Authority to social networks Facebook and Instagram for the violation of the legal provisions stipulated by GDPR

The National Center for Personal Data Protection (NCPDP), for information and application purposes, communicates about total fine in the amount of 390 million euros applied by the Irish Data Protection Authority (SA) to social networks Facebook and Instagram for the violation of the legal provisions stipulated by GDPR.

Following the EDPB’s binding dispute resolution decisions of 5 December 2022, the Irish SA, has adopted its decisions regarding Facebook and Instagram (Meta Platforms Ireland Limited, ‘Meta IE’). These decisions are the result of complaint-based inquiries into Facebook’s and Instagram’s activities in particular concerning the lawfulness and transparency of processing for behavioural advertising. Meta IE was fined with 210 million euros in the Facebook decision and 180 million euros in the Instagram decision by the Irish SA.

These binding decisions were adopted on the basis of Art. 65(1)(a) GDPR, after the Irish SA had triggered two dispute resolution procedures concerning the objections raised by concerned supervisory authorities from ten countries in each case. Among others, the supervisory authorities issued objections concerning the legal basis for processing (Art. 6 GDPR), data protection principles (Art. 5 GDPR), and the use of corrective measures including fines.

The NCPDP, as national supervisory authority for personal data processing, emphasizes the responsibility of personal data controllers to comply with the provisions of legal framework on personal data protection and to ensure that personal data processing operations are in accordance with the legislation in force.