Meta accumulates more than 2.5 billion euros in fines
The record fine imposed on Meta is undoubtedly the most emblematic, but it is far from being the first for the American group. There Irish CNIL sanction of 1.2 billion…
The record fine imposed on Meta is undoubtedly the most emblematic, but it is far from being the first for the American group. There Irish CNIL sanction of 1.2 billion euros against the group of Mark Zuckerberg, for not having respected the rules of the European art in the transfer of data to the United States, thus enlarges the list of sanctions and reprimands on the part of European regulators.
Since 2018 and the entry into application of the European regulation on the protection of personal data (RGPD), Meta – which heads Facebook, Instagram and WhatsApp – is the group most sanctioned by the European authorities, on the rise. “It is a visible group, with a large amount of processed data, which allows it to be very well informed about a large population. There is also a very strong interweaving between the different Meta companies, notes Alan Walter, founding partner of Walter Billet Avocats. European regulators want to show that they act and that the GDPR applies even if it concerns foreign companies with less strict legislation in their country. »
For five years, the GDPR has gradually increased in power, with increasingly heavy fines, for various companies. Until Meta today, Amazon Europe held the record for the heaviest fine (since 2018, therefore): it had been fined 746 million euros, in July 2021, in Luxembourg, for the implementation of targeted advertising carried out without consent. Google had been sentenced by the CNIL to pay two fines at the end of 2021, for a total of 150 million euros, on the thorny subject of cookies. “The vast majority of penalties are less than 100 million,” continues the lawyer.
Meta now accumulates well over 2.5 billion euros in fines for five years. In many cases, he appealed. A look back at the main sanctions of recent years in Europe.
Beginning of January 2023: 390 million euros
Earlier this year, the Irish Data Protection Commission (DPC) imposed two sanctions totaling almost 400 million euros on the group of Mark Zuckerberg, whose European headquarters are in Dublin. She believes that he has violated “his transparency obligations” and relies on an erroneous legal basis “for his processing of personal data for the purpose of targeted advertising”.
The group, which had modified its conditions of use shortly before the entry into force of the GDPR, had been the subject of complaints from the ociation for the defense of privacy NOYB.
November 2022: 265 million euros
The American social media giant has suffered a heavy fine of 265 million euros by the Irish regulator on behalf of the EU, for not having sufficiently protected the data of its users.
The Irish policeman announced in April 2021 the opening of an investigation targeting Facebook, after the revelation of a hack by hackers of the data of more than 530 million users dating back to 2019. He wanted to know if Meta had protected the data of its users with regard to the GDPR.
September 2022: 405 million euros
Instagram, a subsidiary of Meta, had been imposed a sanction – then record – of 405 million euros for breaches to the processing of minors’ data.
The regulator had opened an investigation at the end of 2020 to determine whether the application had put in place the necessary safeguards to protect user data – especially if they are minors, when you must be at least 13 years old. to open an account on Instagram.
September 2021: 225 million euros
The first major sanction after the entry into force of the GDPR, in spring 2018, is a fine of 225 million euros to WhatsApp, the instant messaging subsidiary of Facebook. The DPC criticized WhatsApp for not sufficiently informing messaging users about the use that the subsidiary and its parent company reserve for their data.
Meta has also been subject to lower sanctions, in particular a fine of 60 million euros from the CNIL, announced at the beginning of 2022 in the field of the protection of personal data.