Meta has been hit with a new €5.5 million fine targeting WhatsApp

In this new ruling, the Irish Data Protection Commission (DPC) finds that the digital giant failed to meet its “transparency obligations”. and cited the wrong legal basis for “processing personal data for service improvement and security purposes”. The regulator acting on behalf of the EU, It gives the California group six months to comply.

This sanction is based on similar grounds to the one announced in early JanuaryTargeting Facebook and Instagram social networks. But the previous ruling also accused these Meta subsidiaries of failings to process personal data for targeted advertising purposes, thus threatening to affect the group’s advertising revenue.

Meta said he intends to file an immediate appeal and added that the sanction does not prevent personalized advertising. Behind these processes, which started in 2018, the privacy association accused the Neub group. to reinterpret consent “as a mere civil law contract.”it specifically does not allow this type of personalized claim to be waived.

This time the fine is less., because it is not related to targeted advertising, but also claims that “the DPC has already imposed a very significant fine of €225 million on WhatsApp” due to facts from the “same period”. The regulator actually criticized WhatsApp in September 2021 did not fulfill its transparency obligationsespecially regarding the transfer of data to other group companies.

Meta said he would also appeal Thursday’s decision.“The (WhatsApp) operation complies with European regulations, both technically and legally,” it said in a statement sent to AFP.

Too kind

But unity On the contrary, Neub believes that the new sanction does not go far enough, explains in a press release, “While WhatsApp does not serve personalized ads, it does provide +metadata+ to Facebook and Instagram.” The latter, if they do not betray the content of the messages, “reveal a lot of information” about the user’s interlocutors and their habits“it can then be used to personalize advertising on the group’s other platforms,” ​​the association says.

The Irish Data Protection Authority is empowered to act on behalf of the EU because Meta’s European headquarters are in Ireland, like many Silicon Valley giants, and their presence is crucial to the country’s economic activity. But DPC is very kindaccording to many peers: In October 2021, he proposed a draft decision approving the legal framework used by Meta and proposed a fine of up to 36 million euros for Facebook and up to 23 million euros for Instagram for lack of transparency.

French Cnil and other regulators expressed their viewsthis sanction is very judgmental very weak. They have asked the European Data Protection Board (EDPB), the European regulator for the sector, to look into the dispute and have ruled in their favor on the legal basis issue in the last three binding decisions, urging the DPC to do so. heavier.

The Irish constable also passed sentence Meta fined €405 million in September for violations in the handling of minors’ data, and up to 265 million euros in November for not adequately protecting its users’ data. At the same time, the EDPS also asked the DPC to conduct a new investigation to find out more about Meta’s use of personal data.

But the Irish authorities believe that the European regulator does not have the power to order it to “engage in an open and speculative investigation”.according to its press release, it is preparing to file a lawsuit before the European justice for the cancellation of this requirement.

In this new ruling, the Irish Data Protection Commission (DPC) finds that the digital giant has failed to comply with its “obligations of transparency” and “relyed on an incorrect legal basis for processing personal data to improve its service”. security”. The EU regulator is giving the Californian group six months to comply. The sanction is based on similar grounds to one announced in early January targeting social networks Facebook and Instagram. But the previous ruling also banned these Meta subsidiaries from using personal data for targeted advertising. accused of failings to process it for its purposes, thereby threatening to affect the group’s advertising revenue. It does not prevent personalized advertising. Privacy association Neub accused the group of reinterpreting consent as a “simple civil rights contract” at the start of these proceedings in 2018. which in particular does not allow us to refuse personalized claims of this type. This time is lower, because it is not related to targeted advertising, but also because, according to the facts of the “same period”, “DPC already paid WhatsApp 225 million euros had imposed a very significant fine”. The regulator indeed 2021 In September, it criticized WhatsApp for failing in its transparency obligations, particularly in sharing information with other companies in the group. Meta announced that he will appeal the decision. Thursday, in a statement sent to AFP. “(WhatsApp’s) operation is both technically and legally compliant with European regulations.” Quite a lot, the comment states, “While WhatsApp does not serve personalized ads, it does provide +metadata+ to Facebook and Instagram.” The latter, if they do not betray the content of the messages, “reveal a lot of information” about the user’s interlocutors and their habits, which “can then be used to personalize advertising” on other platforms of the group, confirms the merger. The Irish Data Protection Authority is empowered to act on behalf of the EU because Meta’s European headquarters, like many Silicon Valley giants, are in Ireland and their presence is crucial to the country’s business economy. But the DPC, according to many of its peers, is too kind: in October 2021, it proposed a draft decision confirming the legal framework used by Meta and proposing a fine of up to 36 million euros and a maximum of 23 million euros for Facebook. Instagram due to lack of transparency. French Cnil and other regulators expressed their disagreement, considering this sanction to be too weak. They have asked the European Data Protection Board (EDPB), the European regulator for the sector, to adjudicate the dispute, which has ruled in their favor on the legal basis issue in the last three binding decisions, urging the DPC to be more vigilant. Irish police also fined Meta €405 million in September for failings to handle minors’ data, and €265 million in November for failing to adequately protect its users’ data. At the same time, the EDPS has also asked the DPC to conduct a new investigation to find out more about the use of personal data by Meta. However, the Irish authorities believe that the European regulator does not have the power to order it “to engage”. in an open and speculative investigation”, according to the press release, he is preparing to file a case before the European justice for the cancellation of this request.